c1026368a56bfaf898cc08bfd57dad7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1026368a56bfaf898cc08bfd57dad7a_JaffaCakes118
Size

52KB
MD5

c1026368a56bfaf898cc08bfd57dad7a
SHA1

0e315dad5aac4e6727c3143a1f4a0eba2a9cd256
SHA256

4d4dcbfb5c5e121c6c108f16334735428e17164926566b67eec384e139574ae3
SHA512

de072f3d7dcf71f3908a1dbe40bd851e1c86edc01985904f4c3f5ab2371dd09df7aa22405e0351f6f7575db3d5d1779e21387206b08117ee2d1f2efec154e7b7
SSDEEP

768:5sR2T1LmFTlfen0msVfLopji1SRBnKcHxI/e8c:uWL/IL6j7RBnKIy/e8c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1026368a56bfaf898cc08bfd57dad7a_JaffaCakes118

Files

c1026368a56bfaf898cc08bfd57dad7a_JaffaCakes118
.dll .js windows:6 windows x64 arch:x64 polyglot

911f3efeed30de4f7c2c13a3703f4fe9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\qt\work\qt\qtvirtualkeyboard\qml\QtQuick\VirtualKeyboard\Styles\qtvirtualkeyboardstylesplugin.pdb

Imports

qt5quick

?requestTexture@QQuickImageProvider@@UEAAPEAVQQuickTextureFactory@@AEBVQString@@PEAVQSize@@AEBV4@@Z
?requestImage@QQuickImageProvider@@UEAA?AVQImage@@AEBVQString@@PEAVQSize@@AEBV4@@Z
?imageType@QQuickImageProvider@@UEBA?AW4ImageType@QQmlImageProviderBase@@XZ
?flags@QQuickImageProvider@@UEBA?AV?$QFlags@W4Flag@QQmlImageProviderBase@@@@XZ
??1QQuickImageProvider@@UEAA@XZ
??0QQuickImageProvider@@QEAA@W4ImageType@QQmlImageProviderBase@@V?$QFlags@W4Flag@QQmlImageProviderBase@@@@@Z

qt5svg

?render@QSvgRenderer@@QEAAXPEAVQPainter@@AEBVQRectF@@@Z
?defaultSize@QSvgRenderer@@QEBA?AVQSize@@XZ
??1QSvgRenderer@@UEAA@XZ
??0QSvgRenderer@@QEAA@AEBVQString@@PEAVQObject@@@Z

qt5gui

??0QColor@@QEAA@W4GlobalColor@Qt@@@Z
??0QPixmap@@QEAA@XZ
??0QPixmap@@QEAA@AEBVQSize@@@Z
??0QPixmap@@QEAA@AEBVQString@@PEBDV?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
??0QPixmap@@QEAA@AEBV0@@Z
??1QPixmap@@UEAA@XZ
??4QPixmap@@QEAAAEAV0@AEBV0@@Z
??4QPixmap@@QEAAAEAV0@$$QEAV0@@Z
??1QPainter@@QEAA@XZ
??0QPainter@@QEAA@PEAVQPaintDevice@@@Z
?scaled@QPixmap@@QEBA?AV1@AEBVQSize@@W4AspectRatioMode@Qt@@W4TransformationMode@4@@Z
?fill@QPixmap@@QEAAXAEBVQColor@@@Z
?rect@QPixmap@@QEBA?AVQRect@@XZ
?size@QPixmap@@QEBA?AVQSize@@XZ

qt5qml

?qmlregister@QQmlPrivate@@YAHW4RegistrationType@1@PEAX@Z
?addImageProvider@QQmlEngine@@QEAAXAEBVQString@@PEAVQQmlImageProviderBase@@@Z
?staticMetaObject@QQmlExtensionPlugin@@2UQMetaObject@@B
?qt_metacast@QQmlExtensionPlugin@@UEAAPEAXPEBD@Z
?qt_metacall@QQmlExtensionPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QQmlExtensionPlugin@@QEAA@PEAVQObject@@@Z
??1QQmlExtensionPlugin@@UEAA@XZ

qt5core

?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
??0QString@@QEAA@AEBV0@@Z
??1QString@@QEAA@XZ
?endsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?append@QString@@QEAAAEAV1@AEBV1@@Z
?split@QString@@QEBA?AVQStringList@@VQChar@@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
??M@YA_NAEBVQString@@0@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?dispose@QListData@@SAXPEAUData@1@@Z
??0QRectF@@QEAA@AEBVQRect@@@Z
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z
??1QUrl@@QEAA@XZ
?path@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
?hasQuery@QUrl@@QEBA_NXZ
?query@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
??0QVariant@@QEAA@XZ
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@AEBV0@@Z
??0QVariant@@QEAA@AEBVQString@@@Z
??4QVariant@@QEAAAEAV0@AEBV0@@Z
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z
?toInt@QVariant@@QEBAHPEA_N@Z
?shared_null@QMapDataBase@@2U1@B
??0QMessageLogger@@QEAA@PEBDH0@Z
?warning@QMessageLogger@@QEBAXPEBDZZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
??0QUrl@@QEAA@AEBV0@@Z
?isRelative@QUrl@@QEBA_NXZ
?qRegisterResourceData@@YA_NHPEBE00@Z
?qUnregisterResourceData@@YA_NHPEBE00@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
??0QString@@QEAA@VQLatin1String@@@Z

kernel32

GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle

vcruntime140

__C_specific_handler
__vcrt_InitializeCriticalSectionEx
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_seh_filter_dll
_initterm
_initterm_e
_configure_narrow_argv

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

911f3efeed30de4f7c2c13a3703f4fe9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5quick

qt5svg

qt5gui

qt5qml

qt5core

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 960B

.qtmetad Size: 512B - Virtual size: 388B

.gfids Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 512B - Virtual size: 160B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 960B

.qtmetad
Size: 512B - Virtual size: 388B

.gfids
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 512B - Virtual size: 160B