03f33a0d7005f44879f13f4ab808103d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

03f33a0d7005f44879f13f4ab808103d_JaffaCakes118
Size

66KB
MD5

03f33a0d7005f44879f13f4ab808103d
SHA1

cd24a80f046c985c959fe0a2de5c6714f424aa40
SHA256

eca2b2040d8c74720b208830baee7dbd820b648cad5ea2b9f24dd64701892291
SHA512

27e8f110d07f3d923099ed8947939264d311d53188bdd392ea5d38f0e3e9d180e774d00eecd402b32c9cc552804d6377b8784e89d578d87b5ca21d9247b868a2
SSDEEP

1536:QkWwewn9nOcLlv2TBYDUWUQiqj59YeKXoOlvS5c:zWwe07LWgFiqVqoOlvf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03f33a0d7005f44879f13f4ab808103d_JaffaCakes118

Files

03f33a0d7005f44879f13f4ab808103d_JaffaCakes118
.dll windows:5 windows x64 arch:x64

c995fdd91f396441069f3dfbae5ffca6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libmysql

mysql_stmt_reset
mysql_stmt_bind_param
mysql_stmt_execute
mysql_stmt_affected_rows
mysql_stmt_bind_result
mysql_stmt_attr_set
mysql_stmt_store_result
mysql_stmt_init
mysql_stmt_prepare
mysql_stmt_param_count
mysql_real_query
mysql_field_count
mysql_affected_rows
mysql_fetch_field_direct
mysql_next_result
mysql_store_result
mysql_stmt_close
mysql_stmt_result_metadata
mysql_num_fields
mysql_list_tables
mysql_init
mysql_real_connect
mysql_select_db
mysql_options
mysql_set_character_set
mysql_get_client_version
mysql_get_server_version
mysql_thread_init
mysql_fetch_lengths
mysql_real_escape_string
mysql_query
mysql_list_fields
mysql_free_result
mysql_thread_end
mysql_close
mysql_field_seek
mysql_fetch_field
mysql_stmt_insert_id
mysql_insert_id
mysql_stmt_num_rows
mysql_num_rows
mysql_stmt_data_seek
mysql_stmt_fetch
mysql_data_seek
mysql_fetch_row
mysql_stmt_error
mysql_stmt_errno
mysql_error
mysql_errno
mysql_character_set_name

qtsql4

?staticMetaObject@QSqlDriver@@2UQMetaObject@@B
?qt_metacall@QSqlDriver@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QSqlDriver@@UEAAPEAXPEBD@Z
?exec@QSqlResult@@MEAA_NXZ
?boundValues@QSqlResult@@IEBAAEAV?$QVector@VQVariant@@@@XZ
?prepare@QSqlResult@@MEAA_NAEBVQString@@@Z
?virtual_hook@QSqlResult@@MEAAXHPEAX@Z
?driver@QSqlResult@@IEBAPEBVQSqlDriver@@XZ
?isOpenError@QSqlDriver@@QEBA_NXZ
?fetchPrevious@QSqlResult@@MEAA_NXZ
?bindValue@QSqlResult@@MEAAXHAEBVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z
?bindValue@QSqlResult@@MEAAXAEBVQString@@AEBVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z
?savePrepare@QSqlResult@@MEAA_NAEBVQString@@@Z
?setForwardOnly@QSqlResult@@MEAAX_N@Z
?setSelect@QSqlResult@@MEAAX_N@Z
?setQuery@QSqlResult@@MEAAXAEBVQString@@@Z
?setLastError@QSqlResult@@MEAAXAEBVQSqlError@@@Z
?setActive@QSqlResult@@MEAAX_N@Z
?setAt@QSqlResult@@MEAAXH@Z
??0QSqlResult@@IEAA@PEBVQSqlDriver@@@Z
??1QSqlResult@@UEAA@XZ
??0QSqlDriver@@QEAA@PEAVQObject@@@Z
?numericalPrecisionPolicy@QSqlResult@@IEBA?AW4NumericalPrecisionPolicy@QSql@@XZ
?isNull@QSqlField@@QEBA_NXZ
?type@QSqlField@@QEBA?AW4Type@QVariant@@XZ
?value@QSqlField@@QEBA?AVQVariant@@XZ
?formatValue@QSqlDriver@@UEBA?AVQString@@AEBVQSqlField@@_N@Z
?isIdentifierEscaped@QSqlDriver@@QEBA_NAEBVQString@@W4IdentifierType@1@@Z
?stripDelimiters@QSqlDriver@@QEBA?AVQString@@AEBV2@W4IdentifierType@1@@Z
??0QSqlIndex@@QEAA@AEBVQString@@0@Z
??0QSqlIndex@@QEAA@AEBV0@@Z
??0QSqlQuery@@QEAA@PEAVQSqlResult@@@Z
?exec@QSqlQuery@@QEAA_NAEBVQString@@@Z
?isActive@QSqlQuery@@QEBA_NXZ
?next@QSqlQuery@@QEAA_NXZ
?value@QSqlQuery@@QEBA?AVQVariant@@H@Z
?field@QSqlRecord@@QEBA?AVQSqlField@@AEBVQString@@@Z
?append@QSqlIndex@@QEAAXAEBVQSqlField@@@Z
?setCursorName@QSqlIndex@@QEAAXAEBVQString@@@Z
?setName@QSqlIndex@@QEAAXAEBVQString@@@Z
??1QSqlQuery@@QEAA@XZ
??1QSqlIndex@@QEAA@XZ
?setLastError@QSqlDriver@@MEAAXAEBVQSqlError@@@Z
?setOpenError@QSqlDriver@@MEAAX_N@Z
?setOpen@QSqlDriver@@MEAAX_N@Z
?sqlStatement@QSqlDriver@@UEBA?AVQString@@W4StatementType@1@AEBV2@AEBVQSqlRecord@@_N@Z
?isOpen@QSqlDriver@@UEBA_NXZ
??1QSqlDriver@@UEAA@XZ
??0QSqlRecord@@QEAA@XZ
?append@QSqlRecord@@QEAAXAEBVQSqlField@@@Z
??0QSqlRecord@@QEAA@AEBV0@@Z
??1QSqlRecord@@QEAA@XZ
?isActive@QSqlResult@@IEBA_NXZ
?isSelect@QSqlResult@@IEBA_NXZ
?isForwardOnly@QSqlResult@@IEBA_NXZ
?at@QSqlResult@@IEBAHXZ
??0QSqlField@@QEAA@AEBVQString@@W4Type@QVariant@@@Z
?setRequiredStatus@QSqlField@@QEAAXW4RequiredStatus@1@@Z
?setLength@QSqlField@@QEAAXH@Z
?setPrecision@QSqlField@@QEAAXH@Z
?setSqlType@QSqlField@@QEAAXH@Z
?setAutoValue@QSqlField@@QEAAX_N@Z
??1QSqlField@@QEAA@XZ
??0QSqlError@@QEAA@AEBVQString@@0W4ErrorType@0@H@Z
??1QSqlError@@QEAA@XZ
??1QSqlDriverPlugin@@UEAA@XZ
?qt_metacall@QSqlDriverPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QSqlDriverPlugin@@UEAAPEAXPEBD@Z
?metaObject@QSqlDriverPlugin@@UEBAPEBUQMetaObject@@XZ
??0QSqlDriverPlugin@@QEAA@PEAVQObject@@@Z

qtcore4

?staticMetaObject@QObject@@2UQMetaObject@@B
?constData@QVariant@@QEBAPEBXXZ
?isNull@QVariant@@QEBA_NXZ
?type@QVariant@@QEBA?AW4Type@1@XZ
?toTime@QVariant@@QEBA?AVQTime@@XZ
?toDate@QVariant@@QEBA?AVQDate@@XZ
??0QVariant@@QEAA@HPEBXI@Z
?split@QString@@QEBA?AVQStringList@@AEBVQChar@@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
?simplified@QString@@QEBA?AV1@XZ
?indexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z
?mid@QString@@QEBA?AV1@HH@Z
?left@QString@@QEBA?AV1@H@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
??0QObject@@QEAA@PEAV0@@Z
?connect@QObject@@SA_NPEBV1@PEBD01W4ConnectionType@Qt@@@Z
??1QObject@@UEAA@XZ
?grow@QVectorData@@SAHHHH_N@Z
?reallocate@QVectorData@@SAPEAU1@PEAU1@HHH@Z
?qMemSet@@YAPEAXPEAXH_K@Z
?registerType@QMetaType@@SAHPEBDP6AXPEAX@ZP6APEAXPEBX@Z@Z
??0QVariant@@QEAA@W4Type@0@@Z
?toLongLong@QString@@QEBA_JPEA_NH@Z
??0QVariant@@QEAA@_J@Z
?toULongLong@QString@@QEBA_KPEA_NH@Z
?toInt@QString@@QEBAHPEA_NH@Z
??0QVariant@@QEAA@H@Z
?toUInt@QString@@QEBAIPEA_NH@Z
??0QVariant@@QEAA@I@Z
?toDouble@QString@@QEBANPEA_N@Z
??0QVariant@@QEAA@AEBVQString@@@Z
??4QVariant@@QEAAAEAV0@AEBV0@@Z
??0QVariant@@QEAA@N@Z
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z
?toLongLong@QVariant@@QEBA_JPEA_N@Z
?toInt@QVariant@@QEBAHPEA_N@Z
??0QVariant@@QEAA@AEBV0@@Z
?shared_null@QByteArray@@0UData@1@A
??0QByteArray@@QEAA@PEBDH@Z
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
??0QVariant@@QEAA@AEBVQByteArray@@@Z
?allocate@QVectorData@@SAPEAU1@HH@Z
?qBadAlloc@@YAXXZ
?free@QVectorData@@SAXPEAU1@H@Z
?shared_null@QVectorData@@2U1@A
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?startsWith@QString@@QEBA_NAEBVQChar@@W4CaseSensitivity@Qt@@@Z
?endsWith@QString@@QEBA_NAEBVQChar@@W4CaseSensitivity@Qt@@@Z
?replace@QString@@QEAAAEAV1@VQChar@@AEBVQLatin1String@@W4CaseSensitivity@Qt@@@Z
??4QString@@QEAAAEAV0@AEBVQLatin1String@@@Z
?toByteArray@QVariant@@QEBA?AVQByteArray@@XZ
?realloc@QString@@AEAAXH@Z
?append@QString@@QEAAAEAV1@VQChar@@@Z
?replace@QString@@QEAAAEAV1@AEBVQLatin1String@@0W4CaseSensitivity@Qt@@@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
?shared_null@QString@@0UData@1@A
?arg@QString@@QEBA?AV1@AEBV1@HAEBVQChar@@@Z
?toString@QVariant@@QEBA?AVQString@@XZ
?toLocal8Bit@QString@@QEBA?AVQByteArray@@XZ
?qWarning@@YAXPEBDZZ
??1QByteArray@@QEAA@XZ
?hour@QTime@@QEBAHXZ
?minute@QTime@@QEBAHXZ
?second@QTime@@QEBAHXZ
?msec@QTime@@QEBAHXZ
?year@QDate@@QEBAHXZ
?month@QDate@@QEBAHXZ
?day@QDate@@QEBAHXZ
??0QVariant@@QEAA@_K@Z
??0QVariant@@QEAA@XZ
?translate@QCoreApplication@@SA?AVQString@@PEBD00W4Encoding@1@@Z
?fromLatin1@QString@@SA?AV1@PEBDH@Z
?codecForName@QTextCodec@@SAPEAV1@PEBD@Z
??0QDateTime@@QEAA@XZ
??0QVariant@@QEAA@AEBVQDateTime@@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
?insert@QString@@QEAAAEAV1@HVQChar@@@Z
?fromString@QDateTime@@SA?AV1@AEBVQString@@W4DateFormat@Qt@@@Z
??1QDateTime@@QEAA@XZ
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@AEBVQTime@@@Z
?fromString@QTime@@SA?AV1@AEBVQString@@W4DateFormat@Qt@@@Z
??0QVariant@@QEAA@AEBVQDate@@@Z
?fromString@QDate@@SA?AV1@AEBVQString@@W4DateFormat@Qt@@@Z
?fromUnicode@QTextCodec@@QEBA?AVQByteArray@@AEBVQString@@@Z
?toUnicode@QTextCodec@@QEBA?AVQString@@PEBDHPEAUConverterState@1@@Z
?toUnicode@QTextCodec@@QEBA?AVQString@@PEBD@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXPEBD@Z
?disconnectNotify@QObject@@MEAAXPEBD@Z
??8QString@@QEBA_NAEBVQLatin1String@@@Z
?shared_null@QListData@@2UData@1@A
?removeGuard@QMetaObject@@SAXPEAPEAVQObject@@@Z
?changeGuard@QMetaObject@@SAXPEAPEAVQObject@@PEAV2@@Z
??0QString@@QEAA@AEBV0@@Z
?free@QString@@CAXPEAUData@1@@Z
?qFree@@YAXPEAX@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?append@QListData@@QEAAPEAPEAXXZ
??1QString@@QEAA@XZ
?fromLatin1_helper@QString@@CAPEAUData@1@PEBDH@Z
?append@QString@@QEAAAEAV1@AEBV1@@Z
??YQString@@QEAAAEAV0@VQChar@@@Z
?tr@QMetaObject@@QEBA?AVQString@@PEBD0@Z
?codecForLocale@QTextCodec@@SAPEAV1@XZ

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
memset
memcpy
??_V@YAXPEAX@Z
_CxxThrowException
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
__CxxFrameHandler3

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
DecodePointer
EncodePointer

Exports

Exports

qt_plugin_instance
qt_plugin_query_verification_data

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c995fdd91f396441069f3dfbae5ffca6

Headers

DLL Characteristics

File Characteristics

Imports

libmysql

qtsql4

qtcore4

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 688B

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 410B

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 688B

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B