120f849154219d83d8e070f2f8f5e4af_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

120f849154219d83d8e070f2f8f5e4af_JaffaCakes118
Size

331KB
MD5

120f849154219d83d8e070f2f8f5e4af
SHA1

9a62be0572c0adb4f5b9740d73d09914b8b8aaea
SHA256

d84e756df421ffbcb990836d96c2586ec2265115eb7ce59c77ec1ecb9f8a9b23
SHA512

a038889fffd6658ea0e8f47b2677fa6577ae785b1ea22327b6fcb62472037ff60730df2a244c612455dded055dfaf583bdfcc3d3fce4781b6457bc791129e3bc
SSDEEP

6144:XySbckOQDMmGjjOQoYtquPUIvWqNu4MpUOPC9i/be+F1hiueNj9nzSnB:XySbcHQ/GvOQEuPUIvWqNHMXKCy+B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
120f849154219d83d8e070f2f8f5e4af_JaffaCakes118

Files

120f849154219d83d8e070f2f8f5e4af_JaffaCakes118
.exe windows:5 windows x86 arch:x86

161b2ec7f9af70c02a4d39abd58fbda2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoUninitialize

mpeg2lib

dvd_image_OpenA
dvd_image_GetRootDir
dvd_image_OpenDir
dvd_image_CloseDir
dvd_image_Close
MPEG2SetVolume
MPEG2GetFrameData
dvd_image_ReadFile
MPEG2SetPass
fio_read_thread_init
MPEG2GetRatio
MPEG2GetSampleFrequency
ifo_info
MPEG2Seek
MPEG2EndDec
DeCSSParseIFO
dvd_image_OpenFile
dvd_image_CloseFile
free_ifo_info
fio_read_thread_uninit
IsEncrypted
MPEG2InitDec
dvd_image_GetVolume
dvd_image_Seek
MPEG2GetTime

avcodec

av_free_packet
ord77
avpicture_alloc
avcodec_decode_video
avcodec_alloc_frame
avcodec_open
avcodec_find_decoder
avcodec_get_pix_fmt_name
avcodec_find_encoder

avformat

bd_decrypt
ord29
ord38
ord24
av_register_all
ord14
ord10
ord2
av_get_id3image
ord13

avutil

av_free
av_reduce
av_strdup

qtnetwork4

?readAll@QHttp@@QAE?AVQByteArray@@XZ
?setHost@QHttp@@QAEHABVQString@@W4ConnectionMode@1@G@Z
?get@QHttp@@QAEHABVQString@@PAVQIODevice@@@Z
?abort@QHttp@@QAEXXZ
??0QHttp@@QAE@PAVQObject@@@Z
??1QHttp@@UAE@XZ

qtcore4

??1QByteArray@@QAE@XZ
?fromWCharArray@QString@@SA?AV1@PBGH@Z
??4QString@@QAEAAV0@ABV0@@Z
??0QTextStream@@QAE@PAVQIODevice@@@Z
??6QTextStream@@QAEAAV0@ABVQString@@@Z
??1QTextStream@@UAE@XZ
?fromAscii@QString@@SA?AV1@PBDH@Z
?free@QString@@CAXPAUData@1@@Z
??0QString@@QAE@ABV0@@Z
?append@QString@@QAEAAV1@ABV1@@Z
??1QString@@QAE@XZ
??1QDateTime@@QAE@XZ
?detach@QByteArray@@QAEXXZ
?toString@QDateTime@@QBE?AVQString@@ABV2@@Z
?currentDateTime@QDateTime@@SA?AV1@XZ
?shared_null@QByteArray@@0UData@1@A
??1QObject@@UAE@XZ
?toString@QUuid@@QBE?AVQString@@XZ
?createUuid@QUuid@@SA?AU1@XZ
?toUtf8@QString@@QBE?AVQByteArray@@XZ
?connect@QObject@@SA_NPBV1@PBD01W4ConnectionType@Qt@@@Z
??0QTimer@@QAE@PAVQObject@@@Z
??0QFile@@QAE@XZ
??0QObject@@QAE@PAV0@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
??1QFile@@UAE@XZ
?copy@QFile@@QAE_NABVQString@@@Z
?remove@QFile@@SA_NABVQString@@@Z
??4QCharRef@@QAEAAV0@ABVQChar@@@Z
??AQString@@QAE?AVQCharRef@@H@Z
??0QChar@@QAE@D@Z
?close@QFile@@UAEXXZ
?size@QFile@@UBE_JXZ
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??0QFile@@QAE@ABVQString@@@Z
??YQString@@QAEAAV0@PBD@Z
?tempPath@QDir@@SA?AVQString@@XZ
?mid@QString@@QBE?AV1@HH@Z
?lastIndexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z
?fromAscii_helper@QString@@CAPAUData@1@PBDH@Z
??9QString@@QBE_NPBD@Z
?shared_null@QString@@0UData@1@A
?qFree@@YAXPAX@Z
?qvsnprintf@@YAHPADIPBD0@Z
?staticMetaObject@QThread@@2UQMetaObject@@B
?qt_metacall@QThread@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QThread@@UAEPAXPBD@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QObject@@UAEPAXPBD@Z
?start@QThread@@QAEXW4Priority@1@@Z
?wait@QThread@@QAE_NK@Z
?terminate@QThread@@QAEXXZ
??1QThread@@UAE@XZ
??0QThread@@QAE@PAVQObject@@@Z
?system@QLocale@@SA?AV1@XZ
?language@QLocale@@QBE?AW4Language@1@XZ
?contains@QByteArray@@QBE?AVQBool@@PBD@Z
?append@QByteArray@@QAEAAV1@ABV1@@Z
??4QByteArray@@QAEAAV0@ABV0@@Z
??4QByteArray@@QAEAAV0@PBD@Z
?fromLocal8Bit@QString@@SA?AV1@PBDH@Z
?replace@QByteArray@@QAEAAV1@PBD0@Z
?fromUtf8@QString@@SA?AV1@PBDH@Z
??0QDir@@QAE@ABVQString@@@Z
?entryInfoList@QDir@@QBE?AV?$QList@VQFileInfo@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z
??0QFileInfo@@QAE@ABV0@@Z
??1QDir@@QAE@XZ
??0QFileInfo@@QAE@ABVQString@@@Z
??0QDataStream@@QAE@PAVQIODevice@@@Z
?readRawData@QDataStream@@QAEHPADH@Z
??1QDataStream@@UAE@XZ
??1QFileInfo@@QAE@XZ
?created@QFileInfo@@QBE?AVQDateTime@@XZ
?toTime_t@QDateTime@@QBEIXZ
?size@QFileInfo@@QBE_JXZ
?fileName@QFileInfo@@QBE?AVQString@@XZ
??0QCoreApplication@@QAE@AAHPAPAD@Z
?start@QTimer@@QAEXH@Z
?setFileName@QFile@@QAEXABVQString@@@Z
?exec@QCoreApplication@@SAHXZ
??1QCoreApplication@@UAE@XZ
?stop@QTimer@@QAEXXZ
?quit@QCoreApplication@@SAXXZ
??1QTimer@@UAE@XZ
?timerEvent@QTimer@@MAEXPAVQTimerEvent@@@Z
?qt_metacall@QTimer@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QTimer@@UAEPAXPBD@Z
?metaObject@QTimer@@UBEPBUQMetaObject@@XZ
?disconnectNotify@QObject@@MAEXPBD@Z
?connectNotify@QObject@@MAEXPBD@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?toLocal8Bit@QString@@QBE?AVQByteArray@@XZ

msvcp90

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr90

memmove_s
_read
_lseek
_open
_close
_mkdir
_strdup
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
getenv
strncmp
_iob
isprint
strchr
printf
__wgetmainargs
_waccess
_access
_wfopen
fopen
fwrite
ftell
_stricmp
atof
_errno
strerror
isspace
isdigit
malloc
getc
toupper
exit
strncpy
fseek
fread
tolower
??_V@YAXPAX@Z
strstr
atoi
fprintf
__iob_func
fflush
free
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
memset
_snprintf
sprintf
fclose
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
strrchr

winmm

mciSendCommandW
mciSendCommandA

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
CreateEventA
ResetEvent
ReadFile
GetVersion
LoadLibraryA
GetProcAddress
FreeLibrary
InitializeCriticalSection
CreateSemaphoreW
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
DeviceIoControl
CreateFileA
SetFilePointer
CloseHandle
Sleep
GetTickCount
SetUnhandledExceptionFilter
GetVolumeInformationA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetDriveTypeA
VirtualQuery
GetModuleFileNameW

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

161b2ec7f9af70c02a4d39abd58fbda2

Headers

DLL Characteristics

File Characteristics

Imports

ole32

mpeg2lib

avcodec

avformat

avutil

qtnetwork4

qtcore4

msvcp90

msvcr90

winmm

kernel32

Sections

.text Size: 129KB - Virtual size: 128KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 6KB - Virtual size: 50KB

.rsrc Size: 1024B - Virtual size: 688B

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 6KB - Virtual size: 50KB

.rsrc
Size: 1024B - Virtual size: 688B