5f5331936061bab206e375d0cfe9b558_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f5331936061bab206e375d0cfe9b558_JaffaCakes118
Size

94KB
MD5

5f5331936061bab206e375d0cfe9b558
SHA1

b8bc1b24ebcb8b3e30b3c8eb8024d9ebe34882d4
SHA256

6d56052af1152048844223ffbb3c8634c295af4d06816bd397d653fbffea892d
SHA512

29b42af58351985049c22ae1803478fa8d4a7284c7a6c1bbc21fccb9b83a0455663c44b2918e399a716bd474c00cb736f02ef0613dfef99dffaa70d5a925bff7
SSDEEP

1536:w0RdDZwrljwjlvjQ8gs9/esiH/9LKLObh2A/4Vf0O1EMeBEw/hOfO3j:wu+Bjwp7Qfnse/20heymT0Ew/hO2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f5331936061bab206e375d0cfe9b558_JaffaCakes118

Files

5f5331936061bab206e375d0cfe9b558_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ede2ab7f19589226db3c8e855180de1f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

qtp-mt334

??1QStringList@@QAE@XZ
?null@QString@@2V1@A
??0QVariant@@QAE@ABVQStringList@@@Z
?push_back@?$QValueList@VQString@@@@QAEXABVQString@@@Z
??8@YA_NABVQString@@0@Z
?stripWhiteSpace@QString@@QBE?AV1@XZ
?fromLocal8Bit@QString@@SA?AV1@PBDH@Z
?lower@QString@@QBE?AV1@XZ
??0QString@@QAE@PBD@Z
??0QVariant@@QAE@H@Z
??0QVariant@@QAE@ABVQString@@@Z
?qApp@@3PAVQApplication@@A
??0QPixmap@@QAE@XZ
?inherits@QObject@@QBE_NPBD@Z
??0QString@@QAE@XZ
??1QPixmap@@UAE@XZ
??1QString@@QAE@XZ
??0?$QValueList@VQString@@@@QAE@XZ
??1QVariant@@QAE@XZ
?deleteData@QGArray@@MAEXPAUarray_data@1@@Z
?newData@QGArray@@MAEPAUarray_data@1@XZ
??1QGArray@@MAE@XZ
?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QMemArray@PAD@@@Z
??0QGArray@@IAE@H@Z
?duplicate@QGArray@@IAEAAV1@ABV1@@Z

baselib100

?GetAppSettings@CParagonApp@@QBE?AVCXMLSettingsBlock@@XZ
?GetFirstChildBlock@CXMLSettingsBlock@@QBE?AV1@ABVQString@@@Z
?IsValid@CXMLSettingsBlock@@QBE_NXZ
?GetNodename@CXMLSettingsBlock@@QBE?AVQString@@XZ
?GetNodetext@CXMLSettingsBlock@@QBE?AVQString@@ABV2@@Z
??ECXMLSettingsBlock@@QAEAAV0@XZ
??1CXMLSettingsBlock@@QAE@XZ
BaseLibInit
?LockParagonEngine@@YGKPAVQWidget@@ABVQString@@1_NPAPAXPA_N@Z
??0CPropertyBag@@QAE@XZ
?Write@CPropertyBag@@QAEXABVQString@@ABVQVariant@@@Z
?IsWindowsPE@@YA_NXZ
?EjectAllCDs@@YGX_N@Z
?UnlockParagonEngine@@YGXPAX@Z
??1CPropertyBag@@UAE@XZ
?GetProductFlags@@YA_KXZ
?RemoveProductFlags@@YA_K_K@Z
?GetProductInfoString@@YA?AVQString@@W4PRODUCT_INFO_STRING@@@Z
?Reboot@@YG_NPAVQWidget@@ABVQString@@11_N@Z
BaseLibDone
?staticMetaObject@CParagonApp@@SAPAVQMetaObject@@XZ

restorelib

GetWizardInfo
StartWizard
DoneWithWizardLib
InitWizardLib

msvcrt

strcpy
malloc
_adjust_fdiv
_controlfp
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
free
__CxxFrameHandler
strlen

kernel32

GetStartupInfoA
GetModuleHandleA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ede2ab7f19589226db3c8e855180de1f

Headers

File Characteristics

Imports

qtp-mt334

baselib100

restorelib

msvcrt

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 192B

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 192B

.rsrc
Size: 72KB - Virtual size: 72KB