4dc9e85d54ca3c73464310a3f33d32c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4dc9e85d54ca3c73464310a3f33d32c0_JaffaCakes118
Size

220KB
MD5

4dc9e85d54ca3c73464310a3f33d32c0
SHA1

4da036549bb74bd2d2b96910da3a17e28bce910e
SHA256

a490218ca064d64cc92fc23de36b6b8bb9727d93db78331c594db55596c93a06
SHA512

cf72ca612fb6ae2942b1e896f00c1282dd6e8b34c816be09c15b53234d99ef67c4c58a7a4a2ed5f2b70f335c2fb36d3baf07fb6ee151b5f18449595bd9af9cc7
SSDEEP

3072:4lYKu2++RtLeT7OpRBLkh5zRSEdB2egu2eA0PSfThkLqiUVEd:6nRgYgh5zRSED32V0gThkmp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dc9e85d54ca3c73464310a3f33d32c0_JaffaCakes118

Files

4dc9e85d54ca3c73464310a3f33d32c0_JaffaCakes118
.exe windows:6 windows x86 arch:x86

a7f483b62b8a6d8e01f9c203d6aed5e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
GetModuleHandleA
GetStartupInfoA
Sleep
GetLastError
GetCurrentProcessId
GetProcessVersion
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA

user32

RegisterWindowMessageA
GetWindowThreadProcessId
PostMessageA
EnumWindows

wsock32

__WSAFDIsSet
select

qt-mt334

??6QTextStream@@QAEAAV0@I@Z
??6QTextStream@@QAEAAV0@H@Z
??6QTextStream@@QAEAAV0@PBD@Z
?endl@@YAAAVQTextStream@@AAV1@@Z
??6QTextStream@@QAEAAV0@ABVQString@@@Z
?toString@QDateTime@@QBE?AVQString@@W4DateFormat@Qt@@@Z
?currentDateTime@QDateTime@@SA?AV1@XZ
?getch@QFile@@UAEHXZ
?msg_index@QGArray@@CAXI@Z
?resize@QGArray@@IAE_NI@Z
?remove@QFile@@SA_NABVQString@@@Z
??0QFile@@QAE@ABVQString@@@Z
?open@QFile@@UAE_NH@Z
??1QFile@@UAE@XZ
??0QTextStream@@QAE@PAVQIODevice@@@Z
??5QTextStream@@QAEAAV0@AAK@Z
??1QTextStream@@UAE@XZ
?readEntry@QSettings@@QAE?AVQString@@ABV2@0PA_N@Z
??0QSettings@@QAE@XZ
?setPath@QSettings@@QAEXABVQString@@0W4Scope@1@@Z
??H@YA?BVQString@@PBDABV0@@Z
?removeEntry@QSettings@@QAE_NABVQString@@@Z
?writeEntry@QSettings@@QAE_NABVQString@@0@Z
??0QGArray@@QAE@XZ
??_7?$QMemArray@D@@6B@
??1QGArray@@MAE@XZ
??1QSettings@@QAE@XZ
?wakeUpGuiThread@QApplication@@QAEXXZ
?ucs2@QString@@QBEPBGXZ
?fromUcs2@QString@@SA?AV1@PBG@Z
?qt_set_win_event_filter@@YAP6AHPAUtagMSG@@@ZP6AH0@Z@Z
?fromLocal8Bit@QString@@SA?AV1@PBDH@Z
?local8Bit@QString@@QBE?AVQCString@@XZ
??1QCString@@UAE@XZ
?qWinVersion@@YAHXZ
?setAutoUnload@QLibrary@@QAEX_N@Z
?qApp@@3PAVQApplication@@A
?quit@QApplication@@QAEXXZ
??8@YA_NABVQString@@PBD@Z
?toInt@QString@@QBEHPA_NH@Z
?qSystemWarning@@YAXPBDH@Z
?latin1@QString@@QBEPBDXZ
?qFatal@@YAXPBDZZ
??0QString@@QAE@ABV0@@Z
?qWarning@@YAXPBDZZ
?truncate@QString@@QAEXI@Z
??0QChar@@QAE@D@Z
?contains@QString@@QBEHVQChar@@_N@Z
?replace@QString@@QAEAAV1@VQChar@@0@Z
??0QProcess@@QAE@ABVQString@@PAVQObject@@PBD@Z
?wait@QThread@@QAE_NK@Z
??0QApplication@@QAE@AAHPAPAD@Z
?start@QThread@@QAEXXZ
?exec@QApplication@@QAEHXZ
??1QApplication@@UAE@XZ
?wakeOne@QWaitCondition@@QAEXXZ
?null@QString@@2V1@A
??0QDir@@QAE@ABVQString@@0HH@Z
?entryList@QDir@@UBE?AVQStringList@@ABVQString@@HH@Z
?filePath@QDir@@UBE?AVQString@@ABV2@_N@Z
??1QDir@@UAE@XZ
?wait@QWaitCondition@@QAE_NK@Z
??0QThread@@QAE@XZ
??0QWaitCondition@@QAE@XZ
??1QThread@@UAE@XZ
??1QWaitCondition@@UAE@XZ
??1?$QMemArray@D@@UAE@XZ
?detachInternal@?$QValueList@VQString@@@@AAEXXZ
??1QStringList@@QAE@XZ
?makeSharedNull@QString@@CAPAUQStringData@@XZ
??0QString@@QAE@PBD@Z
?right@QString@@QBE?AV1@I@Z
??9@YA_NABVQString@@0@Z
??H@YA?BVQString@@ABV0@PBD@Z
??0QLibrary@@QAE@ABVQString@@@Z
?load@QLibrary@@QAE_NXZ
?resolve@QLibrary@@QAEPAXPBD@Z
??4QString@@QAEAAV0@PBD@Z
??1QLibrary@@UAE@XZ
?convertSeparators@QDir@@SA?AVQString@@ABV2@@Z
??4QString@@QAEAAV0@ABV0@@Z
?shared_null@QString@@0PAUQStringData@@A
?deleteSelf@QStringData@@QAEXXZ
?separator@QDir@@SADXZ
??YQString@@QAEAAV0@D@Z
??YQString@@QAEAAV0@PBD@Z
?ascii@QString@@QBEPBDXZ
??1QString@@QAE@XZ
?launch@QProcess@@UAE_NABVQString@@PAVQStringList@@@Z
?atEnd@QFile@@UBE_NXZ
??1QProcess@@UAE@XZ
?close@QFile@@UAEXXZ
??0QFile@@QAE@XZ
?open@QFile@@QAE_NHPAU_iobuf@@@Z
??0QGArray@@IAE@H@Z
??6QTextStream@@QAEAAV0@K@Z
?deleteData@QGArray@@MAEXPAUarray_data@1@@Z
?newData@QGArray@@MAEPAUarray_data@1@XZ
?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QMemArray@PAD@@@Z
?duplicate@QGArray@@IAEAAV1@ABV1@@Z

beidlibeay32

ord529
ord52
ord80
ord3212
ord181
ord89
ord188
ord2446
ord758
ord2902
ord86
ord1102
ord109
ord67

beidssleay32

ord12
ord110
ord45
ord174
ord8

msvcrt

_ecvt
_fcvt
_finite
_fpclass
_isnan
_copysign
sprintf
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
strncpy
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
printf
_iob
fprintf
_purecall
strchr
strncmp
_vsnprintf
fwrite
atoi
fflush
fgets
strstr
fopen
_fstat
fread
fclose
_strnicmp
_CxxThrowException
??2@YAPAXI@Z
memmove
__CxxFrameHandler
realloc
malloc
free
??3@YAXPAX@Z
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
_stricmp
strcpy
strlen

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7f483b62b8a6d8e01f9c203d6aed5e5

Headers

File Characteristics

Imports

kernel32

user32

wsock32

qt-mt334

beidlibeay32

beidssleay32

msvcrt

Sections

.text Size: 172KB - Virtual size: 169KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 172KB - Virtual size: 169KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 2KB