9f825984cc11fdcef50a6cbd7d204655_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9f825984cc11fdcef50a6cbd7d204655_JaffaCakes118
Size

596KB
MD5

9f825984cc11fdcef50a6cbd7d204655
SHA1

ca78890e6d64710d4125e99d05fcd9a0664ea507
SHA256

3c6cf782a830b3060b4af00fdedf5f4b013a3cb91f15fb515aba2973c75139f7
SHA512

36b02b128b41d3a8a41da89166cb30869071f0e993f5c1035245654ca53396147699cc40f88fe3370d829a8574b4c20dbf2ce53cc19f28fa77bb908f4634a550
SSDEEP

12288:hgmcyjR2vO9I2vFI+kR/OuKWRHNHoD5HV3imxALY5UEboLVX:CmcyhI0FIH/OupRWHRimxAqUESX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f825984cc11fdcef50a6cbd7d204655_JaffaCakes118

Files

9f825984cc11fdcef50a6cbd7d204655_JaffaCakes118
.dll windows:5 windows x86 arch:x86

aaeb03275fa48fef93b7ff8519e052ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\jenkins\GLD\GLD_FinalBuilder_QT5.1_VS2010\GCR_0515\Glodon\bin\Release\X86\GLDThemeEngine.pdb

Imports

gldcommon

?exePath@@YA?AVQString@@XZ
?extractFilePath@@YA?AVQString@@ABV1@@Z

qt5widgets

?setStyle@QWidget@@QAEXPAVQStyle@@@Z
?style@QWidget@@QBEPAVQStyle@@XZ

qt5core

??1QObject@@UAE@XZ
?event@QObject@@UAE_NPAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?objectName@QObject@@QBE?AVQString@@XZ
?inherits@QObject@@QBE_NPBD@Z
?toStdString@QString@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?allKeys@QSettings@@QBE?AVQStringList@@XZ
??1Connection@QMetaObject@@QAE@XZ
?connect@QObject@@SA?AVConnection@QMetaObject@@PBV1@PBD01W4ConnectionType@Qt@@@Z
?installEventFilter@QObject@@QAEXPAV1@@Z
?contains@QSettings@@QBE_NABVQString@@@Z
?className@QMetaObject@@QBEPBDXZ
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?deallocate@QArrayData@@SAXPAU1@II@Z
?append@QListData@@QAEPAPAXXZ
?property@QObject@@QBE?AVQVariant@@PBD@Z
?sync@QSettings@@QAEXXZ
??0QSettings@@QAE@ABVQString@@W4Format@0@PAVQObject@@@Z
??4QString@@QAEAAV0@ABV0@@Z
??8@YA_NABVQString@@0@Z
?metaObject@QSettings@@UBEPBUQMetaObject@@XZ
?qt_metacast@QSettings@@UAEPAXPBD@Z
?qt_metacall@QSettings@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?event@QSettings@@MAE_NPAVQEvent@@@Z
??1QSettings@@UAE@XZ
??0QObject@@QAE@PAV0@@Z
?qt_metacast@QObject@@UAEPAXPBD@Z
?activate@QMetaObject@@SAXPAVQObject@@PBU1@HPAPAX@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?qRegisterResourceData@@YA_NHPBE00@Z
?qUnregisterResourceData@@YA_NHPBE00@Z
?realloc@QListData@@QAEXH@Z
?detach@QListData@@QAEPAUData@1@H@Z
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?qBadAlloc@@YAXXZ
?recalcMostLeftNode@QMapDataBase@@QAEXXZ
?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z
?freeData@QMapDataBase@@SAXPAU1@@Z
??0QString@@QAE@XZ
??0QFile@@QAE@ABVQString@@@Z
?exists@QFile@@QBE_NXZ
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?readAll@QIODevice@@QAE?AVQByteArray@@XZ
?fromLatin1@QString@@SA?AV1@ABVQByteArray@@@Z
??4QString@@QAEAAV0@$$QAV0@@Z
??1QByteArray@@QAE@XZ
?close@QFileDevice@@UAEXXZ
??0QString@@QAE@$$QAV0@@Z
??1QFile@@UAE@XZ
?createNode@QMapDataBase@@QAEPAUQMapNodeBase@@HHPAU2@_N@Z
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?freeNodeAndRebalance@QMapDataBase@@QAEXPAUQMapNodeBase@@@Z
?nextNode@QMapNodeBase@@QBEPBU1@XZ
?data@QArrayData@@QAEPAXXZ
?createData@QMapDataBase@@SAPAU1@XZ
?toBool@QVariant@@QBE_NXZ
?shared_null@QListData@@2UData@1@B
?dispose@QListData@@SAXPAUData@1@@Z
?shared_null@QArrayData@@2QBU1@B
?shared_null@QMapDataBase@@2U1@B
?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z
??0QVariant@@QAE@XZ
?value@QSettings@@QBE?AVQVariant@@ABVQString@@ABV2@@Z
?toString@QVariant@@QBE?AVQString@@XZ
??1QVariant@@QAE@XZ
?fileName@QSettings@@QBE?AVQString@@XZ
?fromUtf8@QString@@SA?AV1@PBDH@Z
??0QString@@QAE@ABV0@@Z
?append@QString@@QAEAAV1@ABV1@@Z
??1QString@@QAE@XZ
?removeEventFilter@QObject@@QAEXPAV1@@Z

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
??2@YAPAXI@Z
__RTDynamicCast
memmove
memset
_CxxThrowException
??3@YAXPAX@Z
_purecall
__CxxFrameHandler3
memcpy
_except_handler4_common

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

Exports

Exports

??0IGLDThemeEngine@@QAE@ABV0@@Z
??0IGLDThemeEngine@@QAE@XZ
??4IGLDThemeEngine@@QAEAAV0@ABV0@@Z
??_7IGLDThemeEngine@@6B@
?GLDThemeEngine@@YAPAVIGLDThemeEngine@@XZ
?getIniFilePath@@YA?AVQString@@PAVQObject@@@Z
?getQssFileName@@YA?AVQString@@PAVQObject@@@Z
?getQssString@@YA?AVQString@@PAVQObject@@@Z
?getStyle@@YAPAVQStyle@@W4StyleType@@PAVQWidget@@@Z
?registStyleFactory@@YAXW4StyleType@@PAVIGLDStyleFactory@@@Z
?setCurrentTheme@@YAXVQString@@@Z

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 577KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaeb03275fa48fef93b7ff8519e052ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gldcommon

qt5widgets

qt5core

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 577KB - Virtual size: 576KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 577KB - Virtual size: 576KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB