400fb60593d67580c9a593d35559dbf4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

400fb60593d67580c9a593d35559dbf4_JaffaCakes118
Size

26KB
MD5

400fb60593d67580c9a593d35559dbf4
SHA1

6fa779777b267edb056298f805c8ac622f0d4e3e
SHA256

e9285af3692254cd0caeb4d5aef23bae531aacbafbcf4b64792836476a7b722d
SHA512

565ac99052e2fa50a63eb887c2b8e4c10dca1a4c2b608fbd6537a87ac15e9d785ccafb70faff7b02a21a05fa6dba174095a1e0ec74d90cd8c5e29d8b22346599
SSDEEP

384:kYCymL0q2d5ZHyy9Q2lGs2dvcmH5WVckrFaSALh/RqUBKN6YeN1yn3fR/Ol86uY:kY5HZHz9hladv/W622fvoEL+fBOlGY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
400fb60593d67580c9a593d35559dbf4_JaffaCakes118

Files

400fb60593d67580c9a593d35559dbf4_JaffaCakes118
.dll windows:5 windows x64 arch:x64

2e87bbfdd21f56c7801f5f3285c709a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Qt\Qt5.5.1\5.5\Src\qtbase\plugins\imageformats\qgif.pdb

Imports

qt5gui

?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
?qt_metacall@QImageIOPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QImageIOPlugin@@UEAAPEAXPEBD@Z
?setDevice@QImageIOHandler@@QEAAXPEAVQIODevice@@@Z
?setFormat@QImageIOHandler@@QEAAXAEBVQByteArray@@@Z
??1QImageIOPlugin@@UEAA@XZ
??0QImageIOPlugin@@QEAA@PEAVQObject@@@Z
??1QImageIOHandler@@UEAA@XZ
?currentImageRect@QImageIOHandler@@UEBA?AVQRect@@XZ
?jumpToImage@QImageIOHandler@@UEAA_NH@Z
?jumpToNextImage@QImageIOHandler@@UEAA_NXZ
??0QImageIOHandler@@QEAA@XZ
??4QImage@@QEAAAEAV0@AEBV0@@Z
?setFormat@QImageIOHandler@@QEBAXAEBVQByteArray@@@Z
?detach@QImage@@QEAAXXZ
?bytesPerLine@QImage@@QEBAHXZ
?isNull@QImage@@QEBA_NXZ
??0QImage@@QEAA@HHW4Format@0@@Z
??4QImage@@QEAAAEAV0@$$QEAV0@@Z
?byteCount@QImage@@QEBAHXZ
?width@QImage@@QEBAHXZ
?height@QImage@@QEBAHXZ
?bits@QImage@@QEAAPEAEXZ
?device@QImageIOHandler@@QEBAPEAVQIODevice@@XZ
?scanLine@QImage@@QEAAPEAEH@Z
??1QImage@@UEAA@XZ
??0QImage@@QEAA@XZ

qt5core

??0QString@@QEAA@XZ
??1QString@@QEAA@XZ
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
??0QVariant@@QEAA@_N@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@$$QEAV0@@Z
??0QVariant@@QEAA@XZ
??0QVariant@@QEAA@AEBVQSize@@@Z
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?isReadable@QIODevice@@QEBA_NXZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
??0QByteArray@@QEAA@XZ
?read@QIODevice@@QEAA?AVQByteArray@@_J@Z
?append@QByteArray@@QEAAAEAV1@AEBV1@@Z
?constData@QByteArray@@QEBAPEBDXZ
?remove@QByteArray@@QEAAAEAV1@HH@Z
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPEAU1@_K1@Z
?shared_null@QArrayData@@2QBU1@B
??0QByteArray@@QEAA@PEBDH@Z
??0QMessageLogger@@QEAA@PEBDH0@Z
?warning@QMessageLogger@@QEBAXPEBDZZ
?peek@QIODevice@@QEAA_JPEAD_J@Z
??1QByteArray@@QEAA@XZ

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
??2@YAPEAX_K@Z
memset
memcpy
_initterm
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
strncmp

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
DecodePointer
EncodePointer

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e87bbfdd21f56c7801f5f3285c709a5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5gui

qt5core

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.qtmetad Size: 512B - Virtual size: 288B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 190B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 288B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 190B