d0b37ec2e6a24d6061c18b30072da33a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d0b37ec2e6a24d6061c18b30072da33a_JaffaCakes118
Size

107KB
MD5

d0b37ec2e6a24d6061c18b30072da33a
SHA1

7bf602650a7a450b784d2c52dce15466625d37af
SHA256

aa1a4cfea5efd84f18aff554d59ca79bf02224f6156fb00314c2432c0c44dee5
SHA512

702df3625449c3512862cfd2262a1230ec4799e3d3a476194bc1a7d8fbcd9ac022394c2c86f64470040c6a756527115f035c84b6e8b19702b5cfa79658e948e1
SSDEEP

1536:nl5hxySd5dI2QdM9aZZRRLuXjePoSZo3nnrtFXbj8DcL5WqErJwO/sDS:lHI2I1RRL0jMoSZo3r3XkD0KwO/sm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0b37ec2e6a24d6061c18b30072da33a_JaffaCakes118

Files

d0b37ec2e6a24d6061c18b30072da33a_JaffaCakes118
.dll windows:5 windows x64 arch:x64

0048351ceef784353e033b0e7b618efe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oci

OCIAttrGet
OCINumberToInt
OCIEnvCreate
OCIErrorGet
OCIHandleAlloc
OCIDescriptorFree
OCIHandleFree
OCIServerDetach
OCISessionEnd
OCITransStart
OCITransCommit
OCITransRollback
OCILobRead
OCILobGetLength
OCILobCharSetForm
OCIAttrSet
OCIBindArrayOfStruct
OCIStmtExecute
OCIStmtGetPieceInfo
OCIStmtSetPieceInfo
OCIStmtFetch
OCIParamGet
OCIDefineByPos
OCIBindByPos
OCIServerAttach
OCISessionBegin
OCIServerVersion
OCINumberFromInt
OCIStmtPrepare
OCIDescriptorAlloc

qtsql4

?setOpen@QSqlDriver@@MEAAX_N@Z
?staticMetaObject@QSqlDriver@@2UQMetaObject@@B
?qt_metacall@QSqlDriver@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QSqlDriver@@UEAAPEAXPEBD@Z
?virtual_hook@QSqlCachedResult@@MEAAXHPEAX@Z
?boundValueCount@QSqlResult@@IEBAHXZ
?boundValues@QSqlResult@@IEBAAEAV?$QVector@VQVariant@@@@XZ
?init@QSqlCachedResult@@IEAAXH@Z
?hasOutValues@QSqlResult@@IEBA_NXZ
?at@QSqlResult@@IEBAHXZ
?lastQuery@QSqlResult@@IEBA?AVQString@@XZ
?isNull@QSqlQuery@@QEBA_NH@Z
?setDefaultValue@QSqlField@@QEAAXAEBVQVariant@@@Z
?append@QSqlRecord@@QEAAXAEBVQSqlField@@@Z
?prepare@QSqlResult@@MEAA_NAEBVQString@@@Z
?cleanup@QSqlCachedResult@@IEAAXXZ
?numericalPrecisionPolicy@QSqlResult@@IEBA?AW4NumericalPrecisionPolicy@QSql@@XZ
?bindValueType@QSqlResult@@IEBA?AV?$QFlags@W4ParamTypeFlag@QSql@@@@H@Z
?type@QSqlField@@QEBA?AW4Type@QVariant@@XZ
?formatValue@QSqlDriver@@UEBA?AVQString@@AEBVQSqlField@@_N@Z
?value@QSqlField@@QEBA?AVQVariant@@XZ
??0QSqlIndex@@QEAA@AEBVQString@@0@Z
??0QSqlIndex@@QEAA@AEBV0@@Z
??0QSqlQuery@@QEAA@PEAVQSqlResult@@@Z
?isIdentifierEscaped@QSqlDriver@@QEBA_NAEBVQString@@W4IdentifierType@1@@Z
?stripDelimiters@QSqlDriver@@QEBA?AVQString@@AEBV2@W4IdentifierType@1@@Z
?setForwardOnly@QSqlQuery@@QEAAX_N@Z
?exec@QSqlQuery@@QEAA_NAEBVQString@@@Z
?next@QSqlQuery@@QEAA_NXZ
?value@QSqlQuery@@QEBA?AVQVariant@@H@Z
??1QSqlQuery@@QEAA@XZ
?setName@QSqlIndex@@QEAAXAEBVQString@@@Z
?numericalPrecisionPolicy@QSqlQuery@@QEBA?AW4NumericalPrecisionPolicy@QSql@@XZ
?append@QSqlIndex@@QEAAXAEBVQSqlField@@@Z
??1QSqlIndex@@QEAA@XZ
?sqlStatement@QSqlDriver@@UEBA?AVQString@@W4StatementType@1@AEBV2@AEBVQSqlRecord@@_N@Z
?isOpen@QSqlDriver@@UEBA_NXZ
??0QSqlDriver@@QEAA@PEAVQObject@@@Z
?setLastError@QSqlDriver@@MEAAXAEBVQSqlError@@@Z
??1QSqlDriver@@UEAA@XZ
??0QSqlRecord@@QEAA@XZ
?isActive@QSqlResult@@IEBA_NXZ
?isSelect@QSqlResult@@IEBA_NXZ
??0QSqlRecord@@QEAA@AEBV0@@Z
??1QSqlRecord@@QEAA@XZ
?fetchLast@QSqlCachedResult@@MEAA_NXZ
?fetchFirst@QSqlCachedResult@@MEAA_NXZ
?fetchPrevious@QSqlCachedResult@@MEAA_NXZ
?fetchNext@QSqlCachedResult@@MEAA_NXZ
?fetch@QSqlCachedResult@@MEAA_NH@Z
?isNull@QSqlCachedResult@@MEAA_NH@Z
?data@QSqlCachedResult@@MEAA?AVQVariant@@H@Z
?bindValue@QSqlResult@@MEAAXHAEBVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z
?bindValue@QSqlResult@@MEAAXAEBVQString@@AEBVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z
?savePrepare@QSqlResult@@MEAA_NAEBVQString@@@Z
?setForwardOnly@QSqlResult@@MEAAX_N@Z
?setSelect@QSqlResult@@MEAAX_N@Z
?setQuery@QSqlResult@@MEAAXAEBVQString@@@Z
?setLastError@QSqlResult@@MEAAXAEBVQSqlError@@@Z
?setActive@QSqlResult@@MEAAX_N@Z
?setAt@QSqlResult@@MEAAXH@Z
??0QSqlCachedResult@@IEAA@PEBVQSqlDriver@@@Z
??1QSqlCachedResult@@UEAA@XZ
??0QSqlField@@QEAA@AEBVQString@@W4Type@QVariant@@@Z
?setRequiredStatus@QSqlField@@QEAAXW4RequiredStatus@1@@Z
?setLength@QSqlField@@QEAAXH@Z
?setPrecision@QSqlField@@QEAAXH@Z
?setSqlType@QSqlField@@QEAAXH@Z
??1QSqlField@@QEAA@XZ
??0QSqlError@@QEAA@AEBVQString@@0W4ErrorType@0@H@Z
??1QSqlError@@QEAA@XZ
??1QSqlDriverPlugin@@UEAA@XZ
?qt_metacall@QSqlDriverPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QSqlDriverPlugin@@UEAAPEAXPEBD@Z
?metaObject@QSqlDriverPlugin@@UEBAPEBUQMetaObject@@XZ
??0QSqlDriverPlugin@@QEAA@PEAVQObject@@@Z
?setOpenError@QSqlDriver@@MEAAX_N@Z

qtcore4

?toDateTime@QVariant@@QEBA?AVQDateTime@@XZ
?toList@QVariant@@QEBA?AV?$QList@VQVariant@@@@XZ
?toUInt@QVariant@@QEBAIPEA_N@Z
?toDouble@QVariant@@QEBANPEA_N@Z
??0QVariant@@QEAA@H@Z
??0QVariant@@QEAA@I@Z
??0QVariant@@QEAA@N@Z
??4QVariant@@QEAAAEAV0@AEBV0@@Z
?toByteArray@QVariant@@QEBA?AVQByteArray@@XZ
??0QVariant@@QEAA@AEBVQByteArray@@@Z
??0QVariant@@QEAA@W4Type@0@@Z
??0QVariant@@QEAA@HPEBX@Z
??0QVariant@@QEAA@AEBVQTime@@@Z
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z
??0QVariant@@QEAA@AEBVQDate@@@Z
??0QVariant@@QEAA@AEBVQDateTime@@@Z
??0QVariant@@QEAA@_J@Z
??0QVariant@@QEAA@_K@Z
??0QVariant@@QEAA@AEBVQString@@@Z
?detach@QVariant@@QEAAXXZ
?isNull@QVariant@@QEBA_NXZ
?type@QVariant@@QEBA?AW4Type@1@XZ
?toLongLong@QVariant@@QEBA_JPEA_N@Z
?toULongLong@QVariant@@QEBA_KPEA_N@Z
??0QByteArray@@QEAA@PEBDH@Z
?realloc@QByteArray@@AEAAXH@Z
?userType@QVariant@@QEBAHXZ
?constData@QVariant@@QEBAPEBXXZ
?canConvert@QVariant@@QEBA_NW4Type@1@@Z
?toInt@QVariant@@QEBAHPEA_N@Z
??0QVariant@@QEAA@HPEBXI@Z
?fromLatin1@QString@@SA?AV1@PEBDH@Z
?arg@QString@@QEBA?AV1@AEBV1@HAEBVQChar@@@Z
?arg@QString@@QEBA?AV1@HHHAEBVQChar@@@Z
??0QRegExp@@QEAA@AEBVQString@@W4CaseSensitivity@Qt@@W4PatternSyntax@0@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXPEBD@Z
?disconnectNotify@QObject@@MEAAXPEBD@Z
??8QString@@QEBA_NAEBVQLatin1String@@@Z
?shared_null@QListData@@2UData@1@A
?removeGuard@QMetaObject@@SAXPEAPEAVQObject@@@Z
?changeGuard@QMetaObject@@SAXPEAPEAVQObject@@PEAV2@@Z
??0QString@@QEAA@AEBV0@@Z
?free@QString@@CAXPEAUData@1@@Z
?qFree@@YAXPEAX@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?append@QListData@@QEAAPEAPEAXXZ
??1QString@@QEAA@XZ
?fromLatin1_helper@QString@@CAPEAUData@1@PEBDH@Z
?append@QString@@QEAAAEAV1@AEBV1@@Z
??YQString@@QEAAAEAV0@VQChar@@@Z
??0QString@@QEAA@VQChar@@@Z
?handler@QVariant@@1PEBUHandler@1@EB
?QStringList_join@QtPrivate@@YA?AVQString@@PEBVQStringList@@AEBV2@@Z
?QStringList_contains@QtPrivate@@YA?AVQBool@@PEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z
?tr@QMetaObject@@QEBA?AVQString@@PEBD0@Z
?shared_null@QString@@0UData@1@A
?qWarning@@YAXPEBDZZ
??0QString@@QEAA@PEBVQChar@@@Z
??1QByteArray@@QEAA@XZ
?indexIn@QRegExp@@QEBAHAEBVQString@@HW4CaretMode@1@@Z
?startsWith@QString@@QEBA_NAEBVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?second@QTime@@QEBAHXZ
?minute@QTime@@QEBAHXZ
?hour@QTime@@QEBAHXZ
?time@QDateTime@@QEBA?AVQTime@@XZ
?day@QDate@@QEBAHXZ
?month@QDate@@QEBAHXZ
??4QByteRef@@QEAAAEAV0@D@Z
??AQByteArray@@QEAA?AVQByteRef@@H@Z
?year@QDate@@QEBAHXZ
?date@QDateTime@@QEBA?AVQDate@@XZ
?resize@QByteArray@@QEAAXH@Z
?shared_null@QByteArray@@0UData@1@A
?detach@QByteArray@@QEAAXXZ
??0QByteArray@@QEAA@HD@Z
??0QDateTime@@QEAA@XZ
??0QDateTime@@QEAA@AEBVQDate@@AEBVQTime@@W4TimeSpec@Qt@@@Z
??0QDate@@QEAA@HHH@Z
??0QTime@@QEAA@HHHH@Z
?translate@QCoreApplication@@SA?AVQString@@PEBD00W4Encoding@1@@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
?left@QString@@QEBA?AV1@H@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
?right@QString@@QEBA?AV1@H@Z
?indexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
??1QVariant@@QEAA@XZ
?toString@QVariant@@QEBA?AVQString@@XZ
?toUpper@QString@@QEBA?AV1@XZ
?isValid@QDate@@QEBA_NXZ
?toDate@QVariant@@QEBA?AVQDate@@XZ
??1QDateTime@@QEAA@XZ
??4QString@@QEAAAEAV0@AEBVQLatin1String@@@Z
?number@QString@@SA?AV1@HH@Z
?isValid@QDateTime@@QEBA_NXZ
?toLocal8Bit@QString@@QEBA?AVQByteArray@@XZ
?append@QString@@QEAAAEAV1@VQChar@@@Z
?insert@QString@@QEAAAEAV1@HVQChar@@@Z
?replace@QString@@QEAAAEAV1@VQChar@@AEBVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?qBadAlloc@@YAXXZ
?qMalloc@@YAPEAX_K@Z
?realloc@QString@@AEAAXXZ
?resize@QString@@QEAAXH@Z
?free@QVectorData@@SAXPEAU1@H@Z
??8QString@@QEBA_NAEBV0@@Z
??0QVariant@@QEAA@AEBV0@@Z
?allocate@QVectorData@@SAPEAU1@HH@Z
??0QString@@QEAA@PEBVQChar@@H@Z
??0QVariant@@QEAA@XZ
?registerType@QMetaType@@SAHPEBDP6AXPEAX@ZP6APEAXPEBX@Z@Z
?erase@QListData@@QEAAPEAPEAXPEAPEAX@Z
?reallocate@QVectorData@@SAPEAU1@PEAU1@HHH@Z
?utf16@QString@@QEBAPEBGXZ
?toInt@QString@@QEBAHPEA_NH@Z
?simplified@QString@@QEBA?AV1@XZ
?mid@QString@@QEBA?AV1@HH@Z
?split@QString@@QEBA?AVQStringList@@AEBVQChar@@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
??1QRegExp@@QEAA@XZ
?cap@QRegExp@@QEAA?AVQString@@H@Z

msvcr100

__CxxFrameHandler3
??2@YAPEAX_K@Z
_CxxThrowException
??_V@YAXPEAX@Z
memset
memcpy
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_initterm
_initterm_e
free
_encoded_null
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
??3@YAXPEAX@Z

kernel32

EncodePointer
DecodePointer
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

Exports

Exports

qt_plugin_instance
qt_plugin_query_verification_data

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0048351ceef784353e033b0e7b618efe

Headers

DLL Characteristics

File Characteristics

Imports

oci

qtsql4

qtcore4

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 482B

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 482B