e003c2a5c6eef22aaa6bbfa5ac2091c8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e003c2a5c6eef22aaa6bbfa5ac2091c8_JaffaCakes118
Size

237KB
MD5

e003c2a5c6eef22aaa6bbfa5ac2091c8
SHA1

4ed498f009697b58662afa5c7adbd3f448419b3b
SHA256

d614c1ff2c62330ca44b0a2a2f1ed9e5fb6ccce575801a65a140904c09a8d4e3
SHA512

5552c443505a50908a05d836740cc07e7747536f4c1e8f656adf7a47c4d5756d4912404c83b11d4977f0865c2a42eecf1841a070259119057f1e0bb63d70a5c6
SSDEEP

6144:T0hOiqRlS4EQsnlFA61Pu/cBHw9r/IWM3UOt3:T0hOHEQMr1W/cxw9QWw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e003c2a5c6eef22aaa6bbfa5ac2091c8_JaffaCakes118

Files

e003c2a5c6eef22aaa6bbfa5ac2091c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a71799c7feff5ade9aa4e231a62545b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetVersionExW
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte

mingwm10

__mingwthr_key_dtor

msvcrt

_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
_snwprintf
abort
atexit
exit
fclose
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
localeconv
malloc
memchr
memmove
rand
realloc
signal
sprintf
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strstr
strtol
wcschr
wcslen

shell32

SHGetFolderPathA

libgcc_s_dw2-1

_Unwind_DeleteException
_Unwind_GetDataRelBase
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__deregister_frame_info
__emutls_get_address
__register_frame_info
__udivdi3
__umoddi3

qtcore4

_Z5qFreePv
_Z5qrandv
_Z6qDebugPKcz
_Z6qsrandj
_ZN10QByteArray7reallocEi
_ZN10QByteArrayC1EPKc
_ZN10QTextCodec12codecForNameERK10QByteArray
_ZN10QTextCodec4cftrE
_ZN16QCoreApplication18applicationDirPathEv
_ZN16QCoreApplication4execEv
_ZN16QCoreApplication9argumentsEv
_ZN16QCoreApplicationC1ERiPPc
_ZN16QCoreApplicationD1Ev
_ZN4QDir7setPathERK7QString
_ZN4QDir8homePathEv
_ZN4QDirC1ERK7QString
_ZN4QDirD1Ev
_ZN5QChar9fromAsciiEc
_ZN5QCharC1Ec
_ZN5QFile11setFileNameERK7QString
_ZN5QFile14setPermissionsERK7QString6QFlagsINS_10PermissionEE
_ZN5QFile4copyERK7QStringS2_
_ZN5QFile4openE6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN5QFile5closeEv
_ZN5QFile5flushEv
_ZN5QFile6existsERK7QString
_ZN5QFile6removeERK7QString
_ZN5QFile6renameERK7QStringS2_
_ZN5QFileC1Ev
_ZN5QFileD1Ev
_ZN5QTime11currentTimeEv
_ZN5QTimeC1Eiiii
_ZN7QObject10childEventEP11QChildEvent
_ZN7QObject10startTimerEi
_ZN7QObject11customEventEP6QEvent
_ZN7QObject11eventFilterEPS_P6QEvent
_ZN7QObject11qt_metacallEN11QMetaObject4CallEiPPv
_ZN7QObject11qt_metacastEPKc
_ZN7QObject13connectNotifyEPKc
_ZN7QObject16disconnectNotifyEPKc
_ZN7QObject16staticMetaObjectE
_ZN7QObject5eventEP6QEvent
_ZN7QObject7connectEPKS_PKcS1_S3_N2Qt14ConnectionTypeE
_ZN7QObjectC2EPS_
_ZN7QObjectD2Ev
_ZN7QString11shared_nullE
_ZN7QString13fromLocal8BitEPKci
_ZN7QString14fromWCharArrayEPKwi
_ZN7QString16codecForCStringsE
_ZN7QString16fromAscii_helperEPKci
_ZN7QString4freeEPNS_4DataE
_ZN7QString4growEi
_ZN7QString6appendE5QChar
_ZN7QString6appendERKS_
_ZN7QString7reallocEi
_ZN7QString7replaceE5QCharRKS_N2Qt15CaseSensitivityE
_ZN7QString7replaceE5QCharS0_N2Qt15CaseSensitivityE
_ZN7QString7sprintfEPKcz
_ZN7QString8fromUtf8EPKci
_ZN7QString9fromAsciiEPKci
_ZN7QStringaSERKS_
_ZN8QProcess13startDetachedERK7QString
_ZN8QProcess7executeERK7QString
_ZN8QVariantC1EPKc
_ZN8QVariantC1ERK7QString
_ZN8QVariantC1Ei
_ZN8QVariantC1Ej
_ZN8QVariantC1Ex
_ZN8QVariantD1Ev
_ZN9QDateTime10fromStringERK7QStringS2_
_ZN9QDateTime10fromTime_tEj
_ZN9QDateTime15currentDateTimeEv
_ZN9QDateTimeD1Ev
_ZN9QFileInfoC1ERK7QString
_ZN9QFileInfoD1Ev
_ZN9QIODevice5writeEPKc
_ZN9QSettings10beginGroupERK7QString
_ZN9QSettings8endGroupEv
_ZN9QSettings8setValueERK7QStringRK8QVariant
_ZN9QSettingsC1ERK7QStringNS_6FormatEP7QObject
_ZN9QSettingsD1Ev
_ZNK10QTextCodec9toUnicodeEPKc
_ZNK4QDir5mkdirERK7QString
_ZNK4QDir6existsEv
_ZNK4QDir6mkpathERK7QString
_ZNK4QDir9entryListE6QFlagsINS_6FilterEES0_INS_8SortFlagEE
_ZNK5QFile4sizeEv
_ZNK5QTime6secsToERKS_
_ZNK7QString11lastIndexOfERKS_iN2Qt15CaseSensitivityE
_ZNK7QString11toLocal8BitEv
_ZNK7QString12toWCharArrayEPw
_ZNK7QString4leftEi
_ZNK7QString5toIntEPbi
_ZNK7QString6toUtf8Ev
_ZNK7QString7toAsciiEv
_ZNK7QString8endsWithERK5QCharN2Qt15CaseSensitivityE
_ZNK7QString8endsWithERKS_N2Qt15CaseSensitivityE
_ZNK7QStringeqERK13QLatin1String
_ZNK7QStringeqERKS_
_ZNK8QVariant5toIntEPb
_ZNK8QVariant6toBoolEv
_ZNK8QVariant6toUIntEPb
_ZNK8QVariant8toStringEv
_ZNK9QDateTime8toStringERK7QString
_ZNK9QDateTime8toTime_tEv
_ZNK9QFileInfo5isDirEv
_ZNK9QFileInfo6existsEv
_ZNK9QSettings5valueERK7QStringRK8QVariant

qtnetwork4

_ZN12QLocalServer6listenERK7QString
_ZN12QLocalServerC1EP7QObject

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a71799c7feff5ade9aa4e231a62545b2

Headers

File Characteristics

Imports

kernel32

mingwm10

msvcrt

shell32

libgcc_s_dw2-1

qtcore4

qtnetwork4

Sections

.text Size: 156KB - Virtual size: 156KB

.data Size: 33KB - Virtual size: 32KB

.rdata Size: 15KB - Virtual size: 14KB

.bss Size: - Virtual size: 2KB

.idata Size: 32KB - Virtual size: 32KB

.text
Size: 156KB - Virtual size: 156KB

.data
Size: 33KB - Virtual size: 32KB

.rdata
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 32KB - Virtual size: 32KB