a2ba4239ab4b4707927daf2745d97c3c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2ba4239ab4b4707927daf2745d97c3c_JaffaCakes118
Size

30KB
MD5

a2ba4239ab4b4707927daf2745d97c3c
SHA1

7d99075486f3d11ad73d563fef9ac5fdbd12668b
SHA256

7e04bd5e71fc50441ebda0af892efe43d11fdd42bb63c8bfa9ff6e3f32816116
SHA512

5f73c2722b899a0666c9fc9f4d1d9709436e5791c5b087c99f684fd7129b10bf11f8b4e3ea7fa03e17c97f9782e7c37ae6cad638b84d36215e4dd468439884f0
SSDEEP

768:hTWauutY3SlUaQYJJjJC5ZlU5Ql93C/DGi:hTWJut0SlJNjI5ZlU5QzK

Score

1^/10

Malware Config

Signatures

Files

a2ba4239ab4b4707927daf2745d97c3c_JaffaCakes118
.dll windows:6 windows x86 arch:x86

f35b67da68f840bd1d0e451f53ab2a77

Code Sign

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2018, 00:00

Not After

09/01/2020, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:d3:25:d8:15:d9:15:f9:98:ff:a5:6d:ca:18:54:02:e5:29:68:b7
Signer

Actual PE Digest

16:d3:25:d8:15:d9:15:f9:98:ff:a5:6d:ca:18:54:02:e5:29:68:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qt5gui

?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
??1QImageIOPlugin@@UAE@XZ
??0QImageIOPlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QImageIOPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QImageIOPlugin@@UAEPAXPBD@Z
?sharedPainter@QPaintDevice@@MBEPAVQPainter@@XZ
?setFormat@QImageIOHandler@@QAEXABVQByteArray@@@Z
?setOption@QImageIOHandler@@UAEXW4ImageOption@1@ABVQVariant@@@Z
?redirected@QPaintDevice@@MBEPAV1@PAVQPoint@@@Z
?paintEngine@QImage@@UBEPAVQPaintEngine@@XZ
?nextImageDelay@QImageIOHandler@@UBEHXZ
?metric@QImage@@MBEHW4PaintDeviceMetric@QPaintDevice@@@Z
?loopCount@QImageIOHandler@@UBEHXZ
?initPainter@QPaintDevice@@MBEXPAVQPainter@@@Z
?devType@QImage@@UBEHXZ
?currentImageRect@QImageIOHandler@@UBE?AVQRect@@XZ
?currentImageNumber@QImageIOHandler@@UBEHXZ
?convertToFormat_helper@QImage@@IBE?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?setText@QImage@@QAEXABVQString@@0@Z
?fromData@QImage@@SA?AV1@ABVQByteArray@@PBD@Z
?invertPixels@QImage@@QAEXW4InvertMode@1@@Z
?scaled@QImage@@QBE?AV1@ABVQSize@@W4AspectRatioMode@Qt@@W4TransformationMode@4@@Z
?createAlphaMask@QImage@@QBE?AV1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?setAlphaChannel@QImage@@QAEXABV1@@Z
?hasAlphaChannel@QImage@@QBE_NXZ
?fill@QImage@@QAEXI@Z
?setPixel@QImage@@QAEXHHI@Z
?bytesPerLine@QImage@@QBEHXZ
?scanLine@QImage@@QAEPAEH@Z
?setColorCount@QImage@@QAEXH@Z
?setColor@QImage@@QAEXHI@Z
?height@QImage@@QBEHXZ
?width@QImage@@QBEHXZ
?isNull@QImage@@QBE_NXZ
??4QImage@@QAEAAV0@$$QAV0@@Z
??4QImage@@QAEAAV0@ABV0@@Z
??1QImage@@UAE@XZ
??0QImage@@QAE@$$QAV0@@Z
??0QImage@@QAE@ABV0@@Z
??0QImage@@QAE@HHW4Format@0@@Z
??0QImage@@QAE@XZ
?setFormat@QImageIOHandler@@QBEXABVQByteArray@@@Z
?device@QImageIOHandler@@QBEPAVQIODevice@@XZ
?setDevice@QImageIOHandler@@QAEXPAVQIODevice@@@Z
??1QImageIOHandler@@UAE@XZ
??0QImageIOHandler@@QAE@XZ

qt5core

?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?shared_null@QArrayData@@2QBU1@B
??0QVariant@@QAE@ABVQSize@@@Z
??0QVariant@@QAE@H@Z
??0QVariant@@QAE@XZ
?open@QBuffer@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QBuffer@@UAE@XZ
?ungetChar@QIODevice@@QAEXD@Z
?write@QIODevice@@QAE_JABVQByteArray@@@Z
?write@QIODevice@@QAE_JPBD_J@Z
?read@QIODevice@@QAE?AVQByteArray@@_J@Z
?read@QIODevice@@QAE_JPAD_J@Z
?number@QString@@SA?AV1@HH@Z
??1QString@@QAE@XZ
?qstrcmp@@YAHABVQByteArray@@PBD@Z
?isOpen@QIODevice@@QBE_NXZ
?isReadable@QIODevice@@QBE_NXZ
?isWritable@QIODevice@@QBE_NXZ
??0QMessageLogger@@QAE@PBDH0@Z
?warning@QMessageLogger@@QBAXPBDZZ
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPAU1@II@Z
??0QByteArray@@QAE@XZ
??0QByteArray@@QAE@PBDH@Z
??1QByteArray@@QAE@XZ
?constData@QByteArray@@QBEPBDXZ
?fromRawData@QByteArray@@SA?AV1@PBDH@Z
??0QString@@QAE@VQLatin1String@@@Z
??0QBuffer@@QAE@PAVQByteArray@@PAVQObject@@@Z

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle

vcruntime140

memcpy
memset
__vcrt_InitializeCriticalSectionEx
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_seh_filter_dll

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f35b67da68f840bd1d0e451f53ab2a77

Code Sign

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

16:d3:25:d8:15:d9:15:f9:98:ff:a5:6d:ca:18:54:02:e5:29:68:b7Signer

Headers

DLL Characteristics

File Characteristics

Imports

qt5gui

qt5core

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.qtmetad Size: 512B - Virtual size: 316B

.gfids Size: 512B - Virtual size: 76B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 1KB - Virtual size: 1KB

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

16:d3:25:d8:15:d9:15:f9:98:ff:a5:6d:ca:18:54:02:e5:29:68:b7
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 316B

.gfids
Size: 512B - Virtual size: 76B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 1KB - Virtual size: 1KB