148f7b346a929a3e655d4dc83e003791_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

148f7b346a929a3e655d4dc83e003791_JaffaCakes118
Size

365KB
MD5

148f7b346a929a3e655d4dc83e003791
SHA1

ada9fc1f2bff9544bcb5978a6e5252f7ca40fba1
SHA256

5963f44ca958c71e62f039dfd9858d0518ec6d4e53f0a8b54db79dba85cc0e9f
SHA512

f65a811ae48f0e1fa3aa42a16ad0fb14b57d29cde82fb56b939d0a443c0a23ed1c43660aca26260f0919d504b10ccbfed12b0e49d493099c48cb219948f26c3b
SSDEEP

6144:STzHOn0APn3mPtpDD0MmHM0bxZRf936Fs2AMxOj9xIu4E:ebC0AP3GD0MK2K4E

Score

1^/10

Malware Config

Signatures

Files

148f7b346a929a3e655d4dc83e003791_JaffaCakes118
.dll windows:6 windows x86 arch:x86

470124f2afa19eb2ff07f1784e7a0492

Code Sign

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2018, 00:00

Not After

09/01/2020, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:b6:1e:62:63:c0:06:ff:5a:bf:e1:d2:be:f5:20:18:fc:c7:4b:11
Signer

Actual PE Digest

d6:b6:1e:62:63:c0:06:ff:5a:bf:e1:d2:be:f5:20:18:fc:c7:4b:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qt5gui

?sharedPainter@QPaintDevice@@MBEPAVQPainter@@XZ
?redirected@QPaintDevice@@MBEPAV1@PAVQPoint@@@Z
?paintEngine@QImage@@UBEPAVQPaintEngine@@XZ
?metric@QImage@@MBEHW4PaintDeviceMetric@QPaintDevice@@@Z
?jumpToNextImage@QImageIOHandler@@UAE_NXZ
?jumpToImage@QImageIOHandler@@UAE_NH@Z
?initPainter@QPaintDevice@@MBEXPAVQPainter@@@Z
?devType@QImage@@UBEHXZ
?drawImage@QPainter@@QAEXABVQRect@@ABVQImage@@@Z
??1QPainter@@QAE@XZ
??0QPainter@@QAE@PAVQPaintDevice@@@Z
?setOption@QImageIOHandler@@UAEXW4ImageOption@1@ABVQVariant@@@Z
?setDevice@QImageIOHandler@@QAEXPAVQIODevice@@@Z
?setFormat@QImageIOHandler@@QBEXABVQByteArray@@@Z
?device@QImageIOHandler@@QBEPAVQIODevice@@XZ
??1QImageIOHandler@@UAE@XZ
??0QImageIOHandler@@QAE@XZ
?convertToFormat_helper@QImage@@IBE?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?bytesPerLine@QImage@@QBEHXZ
?byteCount@QImage@@QBEHXZ
?bits@QImage@@QAEPAEXZ
?height@QImage@@QBEHXZ
?width@QImage@@QBEHXZ
?format@QImage@@QBE?AW4Format@1@XZ
?isNull@QImage@@QBE_NXZ
??4QImage@@QAEAAV0@$$QAV0@@Z
??4QImage@@QAEAAV0@ABV0@@Z
??1QImage@@UAE@XZ
??0QImage@@QAE@ABV0@@Z
??0QImage@@QAE@HHW4Format@0@@Z
?invalidate@QColor@@AAEXXZ
??BQColor@@QBE?AVQVariant@@XZ
?fromRgba@QColor@@SA?AV1@I@Z
?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
??1QImageIOPlugin@@UAE@XZ
??0QImageIOPlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QImageIOPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QImageIOPlugin@@UAEPAXPBD@Z
?setFormat@QImageIOHandler@@QAEXABVQByteArray@@@Z

qt5core

??6QDebug@@QAEAAV0@PBD@Z
??6QDebug@@QAEAAV0@H@Z
?toInt@QVariant@@QBEHPA_N@Z
??0QVariant@@QAE@ABVQSize@@@Z
??0QVariant@@QAE@H@Z
??0QVariant@@QAE@XZ
?peek@QIODevice@@QAE?AVQByteArray@@_J@Z
?write@QIODevice@@QAE_JPBD_J@Z
?readAll@QIODevice@@QAE?AVQByteArray@@XZ
?endsWith@QByteArray@@QBE_NPBD@Z
?startsWith@QByteArray@@QBE_NPBD@Z
?constData@QByteArray@@QBEPBDXZ
??4QByteArray@@QAEAAV0@$$QAV0@@Z
??1QByteArray@@QAE@XZ
??0QByteArray@@QAE@XZ
?qstrcmp@@YAHABVQByteArray@@PBD@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?isOpen@QIODevice@@QBE_NXZ
?isReadable@QIODevice@@QBE_NXZ
?isWritable@QIODevice@@QBE_NXZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
??0QMessageLogger@@QAE@PBDH0@Z
?warning@QMessageLogger@@QBAXPBDZZ
?warning@QMessageLogger@@QBE?AVQDebug@@XZ
??1QDebug@@QAE@XZ

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle

vcruntime140

memset
memcpy
memmove
__vcrt_InitializeCriticalSectionEx
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise
_libm_sse2_log10_precise
_libm_sse2_pow_precise
_except1

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_cexit
_crt_atexit
_initterm
_initterm_e

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

470124f2afa19eb2ff07f1784e7a0492

Code Sign

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

d6:b6:1e:62:63:c0:06:ff:5a:bf:e1:d2:be:f5:20:18:fc:c7:4b:11Signer

Headers

DLL Characteristics

File Characteristics

Imports

qt5gui

qt5core

kernel32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 284KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 512B - Virtual size: 7KB

.qtmetad Size: 512B - Virtual size: 292B

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 76B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 7KB - Virtual size: 7KB

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

d6:b6:1e:62:63:c0:06:ff:5a:bf:e1:d2:be:f5:20:18:fc:c7:4b:11
Signer

.text
Size: 284KB - Virtual size: 284KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 512B - Virtual size: 7KB

.qtmetad
Size: 512B - Virtual size: 292B

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 76B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 7KB - Virtual size: 7KB