3bda78b843f6c842e6d9a809cb104d27_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3bda78b843f6c842e6d9a809cb104d27_JaffaCakes118
Size

843KB
MD5

3bda78b843f6c842e6d9a809cb104d27
SHA1

0c1a7cbeea8086310278ec8c6fe08c055d64757e
SHA256

a38d5f50cca391cbf797073aad68963804d4b7cc76d835251cece9376cd86d66
SHA512

485dc99c544db8df5dc30f5ff0bd1a917e3e478749d35d6fc0c716aa4db0ecf9efd2e7c11b8ee4a9359b9d369ecb2aa15bae2e6cf76d0bfe8c87fdbc52a221f1
SSDEEP

24576:J8OLrf//oir5FKGzyidBos6EZdLgQ9u7Y/wx+jlslD:rrfoe1zyinos6EZdLgQ9+Y/wxIlsl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bda78b843f6c842e6d9a809cb104d27_JaffaCakes118

Files

3bda78b843f6c842e6d9a809cb104d27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

360aa7fc65bf1e51762e9b02c8768710

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

vnchooks

SetHook
SetKeyboardFilterHook
SetKeyboardPriorityHook
SetKeyboardPriorityLLHook
SetMouseFilterHook
SetMousePriorityHook
SetMousePriorityLLHook
UnSetHook
__localInputsDisabled

advapi32

ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateProcessAsUserA
CreateServiceA
DeleteService
DeregisterEventSource
DuplicateTokenEx
FreeSid
GetTokenInformation
GetUserNameA
ImpersonateLoggedOnUser
LookupAccountSidA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
ReportEventA
RevertToSelf
SetServiceStatus
StartServiceCtrlDispatcherA

gdi32

BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreatePalette
CreateRectRgn
CreateRectRgnIndirect
DeleteDC
DeleteObject
ExtEscape
GdiFlush
GetBitmapBits
GetDIBits
GetDeviceCaps
GetObjectA
GetRegionData
GetStockObject
GetSystemPaletteEntries
RealizePalette
SelectObject
SelectPalette

kernel32

AddAtomA
AllocConsole
CloseHandle
CreateFileA
CreateMutexA
CreateProcessA
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetCommandLineA
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTime
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalLock
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MoveFileA
MultiByteToWideChar
OpenProcess
OutputDebugStringA
ReleaseSemaphore
ResumeThread
SetConsoleCtrlHandler
SetEndOfFile
SetFilePointer
SetLastError
SetProcessShutdownParameters
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

msvcrt

_fdopen
_lseek
_read
_strdup
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_endthreadex
_errno
_iob
_onexit
_setmode
_vsnprintf
abort
atexit
atoi
atol
calloc
ctime
exit
fclose
fflush
fopen
fprintf
fread
free
fseek
ftell
fwrite
getc
getwc
iswctype
malloc
memchr
memcpy
memmove
memset
printf
putc
puts
putwc
rand
setlocale
setvbuf
signal
sprintf
srand
sscanf
strchr
strcmp
strcoll
strcpy
strftime
strlen
strncpy
strrchr
strstr
strtod
strxfrm
time
tolower
towlower
towupper
ungetc
ungetwc
vsprintf
wcscoll
wcsftime
wcslen
wcsxfrm

netapi32

NetApiBufferFree
NetGetDCName
NetUserGetInfo

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

user32

ChangeClipboardChain
ChangeDisplaySettingsA
CloseClipboard
CloseDesktop
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
DrawIconEx
EmptyClipboard
EnumDesktopWindows
EnumDisplaySettingsA
EnumWindows
EqualRect
ExitWindowsEx
FindWindowA
GetAsyncKeyState
GetClassNameA
GetClipboardData
GetClipboardOwner
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetIconInfo
GetKeyboardState
GetMessageA
GetProcessWindowStation
GetPropA
GetSystemMetrics
GetThreadDesktop
GetUserObjectInformationA
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IntersectRect
IsIconic
IsRectEmpty
IsWindowVisible
KillTimer
LoadCursorA
MapVirtualKeyA
MessageBeep
MessageBoxA
OpenClipboard
OpenDesktopA
OpenInputDesktop
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RegisterClassExA
RegisterWindowMessageA
ReleaseDC
RemovePropA
SendMessageA
SetClipboardData
SetClipboardViewer
SetForegroundWindow
SetPropA
SetRect
SetThreadDesktop
SetTimer
SetWindowLongA
SystemParametersInfoA
TranslateMessage
VkKeyScanA
WaitMessage
WindowFromPoint
keybd_event
mouse_event

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
getpeername
getsockname
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
recv
select
send
setsockopt
shutdown
socket

italc_core

_Z20qtcpsocketDispatcherPcx13socketOpCodesPv
_ZN10lockWidgetC1ENS_5typesE
_ZN10messageBox17trySysTrayMessageERK7QStringS2_NS_11MessageIconE
_ZN10messageBoxC1ERK7QStringS2_RK7QPixmap
_ZN11localSystem10initializeEPFvibERK7QString
_ZN11localSystem13publicKeyPathEN3ISD9userRolesEb
_ZN11localSystem14activateWindowEP7QWidget
_ZN11localSystem14privateKeyPathEN3ISD9userRolesEb
_ZN11localSystem15enablePrivilegeEPKci
_ZN11localSystem18broadcastWOLPacketERK7QString
_ZN11localSystem5sleepEi
_ZN11localSystem8logLevelE
_ZN11localSystem9logonUserERK7QStringS2_S2_
_ZN11localSystem9parameterERK7QString
_ZN12publicDSAKey4loadERK7QStringS0_
_ZN12publicDSAKeyC1ERK13privateDSAKey
_ZN13isdConnection13gracefulCloseEv
_ZN13ivsConnection20handleServerMessagesEbi
_ZN13ivsConnectionC1ERK7QStringNS_7qualityEbP7QObject
_ZN13privateDSAKeyC1Ej
_ZN16systemKeyTrapperC1Eb
_ZN6dsaKey17generateChallengeEv
_ZN7vncViewC1ERK7QStringP7QWidgetb
_ZNK12publicDSAKey4saveERK7QStringS0_
_ZNK13privateDSAKey4saveERK7QStringS0_
_ZNK6dsaKey15verifySignatureERK10QByteArrayS2_
_ZTV12publicDSAKey
_ZTV6dsaKey
__appInternalChallenge
__role
__systray_icon
lzo1x_1_compress

libeay32

DSA_free

libjpeg

jpeg_CreateCompress
jpeg_destroy_compress
jpeg_finish_compress
jpeg_set_defaults
jpeg_set_quality
jpeg_start_compress
jpeg_std_error
jpeg_write_scanlines

libz

deflate
deflateEnd
deflateInit2_
deflateParams

qtgui4

_ZN10QBoxLayout10setSpacingEi
_ZN10QBoxLayout9addWidgetEP7QWidgeti6QFlagsIN2Qt13AlignmentFlagEE
_ZN11QMessageBox11informationEP7QWidgetRK7QStringS4_6QFlagsINS_14StandardButtonEES6_
_ZN11QMessageBox15setEscapeButtonEP15QAbstractButton
_ZN11QMessageBox16setDefaultButtonEP11QPushButton
_ZN11QMessageBox7warningEP7QWidgetRK7QStringS4_6QFlagsINS_14StandardButtonEES6_
_ZN11QMessageBox8criticalEP7QWidgetRK7QStringS4_6QFlagsINS_14StandardButtonEES6_
_ZN11QMessageBox9addButtonERK7QStringNS_10ButtonRoleE
_ZN11QMessageBoxC1ENS_4IconERK7QStringS3_6QFlagsINS_14StandardButtonEEP7QWidgetS4_IN2Qt10WindowTypeEE
_ZN11QMessageBoxD1Ev
_ZN11QVBoxLayoutC1Ev
_ZN12QApplication16staticMetaObjectE
_ZN12QApplication25setQuitOnLastWindowClosedEb
_ZN12QApplication7desktopEv
_ZN12QApplicationC1ERiPPci
_ZN12QApplicationD1Ev
_ZN15QSystemTrayIcon10setToolTipERK7QString
_ZN15QSystemTrayIcon10setVisibleEb
_ZN15QSystemTrayIconC1ERK5QIconP7QObject
_ZN15QSystemTrayIconD1Ev
_ZN5QIcon7addFileERK7QStringRK5QSizeNS_4ModeENS_5StateE
_ZN5QIconC1ERK7QPixmap
_ZN5QIconC1ERK7QString
_ZN5QIconD1Ev
_ZN6QImageC1ERKS_
_ZN6QImageD1Ev
_ZN7QCursor3posEv
_ZN7QDialog4execEv
_ZN7QLayout9setMarginEi
_ZN7QPixmapC1ERK7QStringPKc6QFlagsIN2Qt19ImageConversionFlagEE
_ZN7QPixmapD1Ev
_ZN7QRegionC1ERK5QRectNS_10RegionTypeE
_ZN7QRegionC1Ev
_ZN7QRegionD1Ev
_ZN7QRegionaSERKS_
_ZN7QRegionpLERKS_
_ZN7QWidget12setAttributeEN2Qt15WidgetAttributeEb
_ZN7QWidget13setWindowIconERK5QIcon
_ZN7QWidget13showMaximizedEv
_ZN7QWidget14setWindowTitleERK7QString
_ZN7QWidget6resizeERK5QSize
_ZN7QWidget9setLayoutEP7QLayout
_ZN7QWidgetC1EPS_6QFlagsIN2Qt10WindowTypeEE
_ZNK11QMessageBox13clickedButtonEv
_ZNK11QMessageBox6buttonENS_14StandardButtonE
_ZNK14QDesktopWidget12screenNumberEPK7QWidget
_ZNK14QDesktopWidget17availableGeometryEi
_ZNK6QImage4rectEv
_ZNK6QImage5widthEv
_ZNK6QImage6heightEv
_ZNK6QImage8scanLineEi
_ZNK7QRegion5rectsEv
_ZNK7QRegion7isEmptyEv
_ZlsR11QDataStreamRK6QImage

qtnetwork4

_ZN10QTcpServer11qt_metacallEN11QMetaObject4CallEiPPv
_ZN10QTcpServer11qt_metacastEPKc
_ZN10QTcpServer16staticMetaObjectE
_ZN10QTcpServer18incomingConnectionEi
_ZN10QTcpServer21nextPendingConnectionEv
_ZN10QTcpServer6listenERK12QHostAddresst
_ZN10QTcpServerC2EP7QObject
_ZN10QTcpServerD2Ev
_ZN10QTcpSocket16staticMetaObjectE
_ZN10QTcpSocketC1EP7QObject
_ZN10QTcpSocketD1Ev
_ZN12QHostAddress10setAddressERK7QString
_ZN12QHostAddressC1ENS_14SpecialAddressE
_ZN12QHostAddressC1ERKS_
_ZN12QHostAddressC1Ev
_ZN12QHostAddressD1Ev
_ZN15QAbstractSocket19setSocketDescriptorEiNS_11SocketStateE6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN9QHostInfo13localHostNameEv
_ZN9QHostInfo8fromNameERK7QString
_ZN9QHostInfoD1Ev
_ZNK10QTcpServer10serverPortEv
_ZNK10QTcpServer11errorStringEv
_ZNK10QTcpServer21hasPendingConnectionsEv
_ZNK12QHostAddress8toStringEv
_ZNK9QHostInfo9addressesEv

qtcore4

_Z21qRegisterResourceDataiPKhS0_S0_
_Z23qUnregisterResourceDataiPKhS0_S0_
_Z23qt_qFindChildren_helperPK7QObjectRK7QStringPK7QRegExpRK11QMetaObjectP5QListIPvE
_Z5qFreePv
_Z6qDebugPKcz
_Z8qWarningPKcz
_Z9qCriticalPKcz
_ZN10QByteArray7reallocEi
_ZN10QByteArrayaSERKS_
_ZN11QDataStream11resetStatusEv
_ZN11QDataStream9setStatusENS_6StatusE
_ZN11QDataStreamC1EP9QIODevice
_ZN11QDataStreamD1Ev
_ZN11QDataStreamlsEa
_ZN11QDataStreamlsEi
_ZN11QDataStreamrsERi
_ZN11QTranslator4loadERK7QStringS2_S2_S2_
_ZN11QTranslatorC1EP7QObject
_ZN11QTranslatorD1Ev
_ZN13QSignalMapper10setMappingEP7QObjectS1_
_ZN13QSignalMapperC1EP7QObject
_ZN13QSignalMapperD1Ev
_ZN14QReadWriteLock11lockForReadEv
_ZN14QReadWriteLock12lockForWriteEv
_ZN14QReadWriteLock6unlockEv
_ZN14QReadWriteLockC1Ev
_ZN14QReadWriteLockD1Ev
_ZN14QTemporaryFile4openE6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN14QTemporaryFileC1Ev
_ZN14QTemporaryFileD1Ev
_ZN16QCoreApplication14setEventFilterEPFbPvPlE
_ZN16QCoreApplication17installTranslatorEP11QTranslator
_ZN16QCoreApplication4execEv
_ZN16QCoreApplication9argumentsEv
_ZN16QCoreApplicationC1ERiPPc
_ZN4QDir8homePathEv
_ZN5QChar9fromAsciiEc
_ZN5QCharC1Ec
_ZN5QFile14setPermissionsE6QFlagsINS_10PermissionEE
_ZN5QFile5flushEv
_ZN6QMutex4lockEv
_ZN6QMutex6unlockEv
_ZN6QMutexC1ENS_13RecursionModeE
_ZN6QMutexD1Ev
_ZN6QTimer10singleShotEiP7QObjectPKc
_ZN6QTimer5startEi
_ZN6QTimerC1EP7QObject
_ZN6QTimerD1Ev
_ZN7QLocale6systemEv
_ZN7QObject10childEventEP11QChildEvent
_ZN7QObject10timerEventEP11QTimerEvent
_ZN7QObject11customEventEP6QEvent
_ZN7QObject11deleteLaterEv
_ZN7QObject11eventFilterEPS_P6QEvent
_ZN7QObject11qt_metacallEN11QMetaObject4CallEiPPv
_ZN7QObject11qt_metacastEPKc
_ZN7QObject13connectNotifyEPKc
_ZN7QObject16disconnectNotifyEPKc
_ZN7QObject16staticMetaObjectE
_ZN7QObject5eventEP6QEvent
_ZN7QObject7connectEPKS_PKcS1_S3_N2Qt14ConnectionTypeE
_ZN7QObjectC2EPS_
_ZN7QObjectD2Ev
_ZN7QString11shared_nullE
_ZN7QString16codecForCStringsE
_ZN7QString16fromAscii_helperEPKci
_ZN7QString4freeEPNS_4DataE
_ZN7QString6appendERKS_
_ZN7QString6insertEi5QChar
_ZN7QString6numberEii
_ZN7QString7reallocEv
_ZN7QString9fromAsciiEPKci
_ZN7QStringaSERKS_
_ZN7QThread11qt_metacallEN11QMetaObject4CallEiPPv
_ZN7QThread11qt_metacastEPKc
_ZN7QThread16staticMetaObjectE
_ZN7QThread4execEv
_ZN7QThread4exitEi
_ZN7QThread4waitEm
_ZN7QThread5sleepEm
_ZN7QThread5startENS_8PriorityE
_ZN7QThread6msleepEm
_ZN7QThreadC2EP7QObject
_ZN7QThreadD2Ev
_ZN8QMapData10createDataEv
_ZN8QMapData11node_createEPPNS_4NodeEi
_ZN8QMapData11shared_nullE
_ZN8QMapData16continueFreeDataEi
_ZN8QProcess7executeERK7QString
_ZN8QVariantC1ER11QDataStream
_ZN8QVariantC1ERK10QByteArray
_ZN8QVariantC1ERK7QString
_ZN8QVariantC1ERKS_
_ZN8QVariantC1Ei
_ZN8QVariantD1Ev
_ZN8QVariantaSERKS_
_ZN9QIODevice11qt_metacallEN11QMetaObject4CallEiPPv
_ZN9QIODevice11qt_metacastEPKc
_ZN9QIODevice12readLineDataEPcx
_ZN9QIODevice16waitForReadyReadEi
_ZN9QIODevice19waitForBytesWrittenEi
_ZN9QIODevice4openE6QFlagsINS_12OpenModeFlagEE
_ZN9QIODevice4readEPcx
_ZN9QIODevice4seekEx
_ZN9QIODevice5closeEv
_ZN9QIODevice5resetEv
_ZN9QIODevice5writeEPKcx
_ZN9QIODeviceC2Ev
_ZN9QIODeviceD2Ev
_ZN9QListData11shared_nullE
_ZN9QListData5eraseEPPv
_ZN9QListData6appendEv
_ZN9QListData6removeEi
_ZN9QListData7detach2Ev
_ZN9QListData7prependEv
_ZN9QtPrivate20QStringList_containsEPK11QStringListRK7QStringN2Qt15CaseSensitivityE
_ZNK11QDataStream6statusEv
_ZNK11QMetaObject2trEPKcS1_
_ZNK11QMetaObject4castEP7QObject
_ZNK14QTemporaryFile8fileNameEv
_ZNK7QLocale4nameEv
_ZNK7QString11toLocal8BitEv
_ZNK7QString3argERKS_iRK5QChar
_ZNK7QString4leftEi
_ZNK7QString5splitERK5QCharNS_13SplitBehaviorEN2Qt15CaseSensitivityE
_ZNK7QString5toIntEPbi
_ZNK7QString6toUtf8Ev
_ZNK7QString7indexOfE5QChariN2Qt15CaseSensitivityE
_ZNK7QString7toAsciiEv
_ZNK7QString7toLowerEv
_ZNK7QStringeqERK13QLatin1String
_ZNK7QStringeqERKS_
_ZNK7QStringltERKS_
_ZNK7QThread10metaObjectEv
_ZNK8QVariant11toByteArrayEv
_ZNK8QVariant5toIntEPb
_ZNK8QVariant6toBoolEv
_ZNK8QVariant8toStringEv
_ZNK9QIODevice10metaObjectEv
_ZNK9QIODevice11canReadLineEv
_ZNK9QIODevice12bytesToWriteEv
_ZNK9QIODevice12isSequentialEv
_ZNK9QIODevice14bytesAvailableEv
_ZNK9QIODevice3posEv
_ZNK9QIODevice4sizeEv
_ZNK9QIODevice5atEndEv
_ZlsR11QDataStreamRK7QString
_ZlsR11QDataStreamRK8QVariant
_ZrsR11QDataStreamR7QString
_ZrsR11QDataStreamR8QVariant

Sections

.text
Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

360aa7fc65bf1e51762e9b02c8768710

Headers

File Characteristics

Imports

vnchooks

advapi32

gdi32

kernel32

msvcrt

netapi32

psapi

user32

ws2_32

italc_core

libeay32

libjpeg

libz

qtgui4

qtnetwork4

qtcore4

Sections

.text Size: 684KB - Virtual size: 684KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 114KB - Virtual size: 114KB

.bss Size: - Virtual size: 25KB

.idata Size: 22KB - Virtual size: 21KB

.rsrc Size: 19KB - Virtual size: 25KB

.text
Size: 684KB - Virtual size: 684KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 114KB - Virtual size: 114KB

.bss
Size: - Virtual size: 25KB

.idata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 19KB - Virtual size: 25KB