f9c4d36737791ee3424f6c570665d692_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9c4d36737791ee3424f6c570665d692_JaffaCakes118
Size

978KB
MD5

f9c4d36737791ee3424f6c570665d692
SHA1

25907dea187c5c029d1d749089c29c4878dfb49c
SHA256

f023afcbe9e842e44ac3e77656fe9fccecbee40252c557ba0a79d2354c1ddb10
SHA512

d19a7609033c8e9f01c5d44a733ac32451e73217941340fb172286948e1b3556cd330ab763c1d3b7285306c56c6d462621005af916fb87bde53e637dabb0f772
SSDEEP

24576:yRhkPK3v3gxX7Gt2W2wbnbkw6C4KjC6JuQu:yRhkP8vEX7W3SmuQu

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9c4d36737791ee3424f6c570665d692_JaffaCakes118

Files

f9c4d36737791ee3424f6c570665d692_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$13Wsocket@TBind
@$xp$13Wsocket@TRecv
@$xp$13Wsocket@TSend
@$xp$14Wsocket@Thtonl
@$xp$14Wsocket@Thtons
@$xp$14Wsocket@Tntohl
@$xp$14Wsocket@Tntohs
@$xp$15Wsocket@TAccept
@$xp$15Wsocket@TListen
@$xp$15Wsocket@TSendTo
@$xp$16Ftpsrv@FtpSrv__3
@$xp$16Wsockbuf@TBuffer
@$xp$16Wsocket@TConnect
@$xp$16Wsocket@TWSocket
@$xp$17Ftpsrv@TFtpServer
@$xp$17Ftpsrv@TFtpString
@$xp$17Smtpprot@TSmtpCli
@$xp$17Smtpprot@TSmtpFct
@$xp$17Wsocket@TDataSent
@$xp$17Wsocket@TRecvFrom
@$xp$17Wsocket@TSendData
@$xp$17Wsocket@TShutdown
@$xp$18Ftpsrvc@TFtpOption
@$xp$18Wsocket@TInet_addr
@$xp$18Wsocket@TInet_ntoa
@$xp$19Ftpsrvc@TFtpCmdType
@$xp$19Ftpsrvc@TFtpOptions
@$xp$19Smtpprot@TSmtpState
@$xp$19Wsocket@TGetSockOpt
@$xp$19Wsocket@TOpenSocket
@$xp$19Wsocket@TSetSockOpt
@$xp$19Wsocket@TSocksState
@$xp$19Wsocket@TWSACleanup
@$xp$19Wsocket@TWSAStartup
@$xp$20Smtpprot@TSmtpFctSet
@$xp$20Wsocket@TChangeState
@$xp$20Wsocket@TCloseSocket
@$xp$20Wsocket@TGetHostName
@$xp$20Wsocket@TGetPeerName
@$xp$20Wsocket@TGetSockName
@$xp$20Wsocket@TIoctlSocket
@$xp$20Wsocket@TSocketState
@$xp$21Ftpsrvc@TCommandEvent
@$xp$21Ftpsrvc@TDisplayEvent
@$xp$21Ftpsrvc@TFtpCtrlState
@$xp$21Smtpprot@TSmtpDisplay
@$xp$21Smtpprot@TSmtpRequest
@$xp$21Smtpprot@TSyncSmtpCli
@$xp$21Wsocket@TDebugDisplay
@$xp$21Wsocket@TSocksWSocket
@$xp$22Ftpsrvc@TFtpCtrlSocket
@$xp$22Smtpprot@SmtpException
@$xp$22Smtpprot@TSmtpNextProc
@$xp$22Wsocket@TCustomWSocket
@$xp$22Wsocket@TDataAvailable
@$xp$22Wsocket@TDnsLookupDone
@$xp$22Wsocket@TGetHostByAddr
@$xp$22Wsocket@TGetHostByName
@$xp$22Wsocket@TGetServByName
@$xp$22Wsocket@TSessionClosed
@$xp$22Wsocket@TWSocketOption
@$xp$23Wsocket@TGetProtoByName
@$xp$23Wsocket@TSocksAuthState
@$xp$23Wsocket@TWSAAsyncSelect
@$xp$23Wsocket@TWSocketOptions
@$xp$24Wsocket@ESocketException
@$xp$24Wsocket@TSocketSendFlags
@$xp$24Wsocket@TSocksErrorEvent
@$xp$24Wsocket@TWSAGetLastError
@$xp$24Wsocket@TWSASetLastError
@$xp$25Ftpsrv@FtpServerException
@$xp$25Ftpsrv@TFtpSrvCommandProc
@$xp$25Smtpprot@TSmtpContentType
@$xp$25Smtpprot@TSmtpRequestDone
@$xp$25Wsocket@TBgExceptionEvent
@$xp$25Wsocket@TSessionAvailable
@$xp$25Wsocket@TSessionConnected
@$xp$26Ftpsrv@TFtpCtrlSocketClass
@$xp$26Smtpprot@TCustomSmtpClient
@$xp$26Smtpprot@TSmtpAttachHeader
@$xp$26Smtpprot@TSmtpGetDataEvent
@$xp$26Wsocket@TCustomLineWSocket
@$xp$26Wsocket@TCustomSyncWSocket
@$xp$26Wsocket@TSocketLingerOnOff
@$xp$27Wsocket@TCustomSocksWSocket
@$xp$28Wsocket@TSocksAuthStateEvent
@$xp$28Wsocket@TSocksAuthentication
@$xp$28Wsocket@TWSocketSyncNextProc
@$xp$29Smtpprot@TSmtpHeaderLineEvent
@$xp$30Ftpsrv@TFtpSrvCommandTableItem
@$xp$30Wsocket@TWSAAsyncGetHostByAddr
@$xp$30Wsocket@TWSAAsyncGetHostByName
@$xp$30Wsocket@TWSACancelAsyncRequest
@$xp$31Ftpsrv@TFtpSrvAuthenticateEvent
@$xp$31Ftpsrv@TFtpSrvRetrDataSentEvent
@$xp$31Ftpsrv@TFtpSrvValidateXferEvent
@$xp$31Ftpsrvc@EFtpCtrlSocketException
@$xp$32Ftpsrv@TFtpSrvClientCommandEvent
@$xp$32Ftpsrv@TFtpSrvClientConnectEvent
@$xp$32Ftpsrv@TFtpSrvDataAvailableEvent
@$xp$32Smtpprot@TSmtpProcessHeaderEvent
@$xp$33Ftpsrv@TFtpSrvAnswerToClientEvent
@$xp$33Ftpsrv@TFtpSrvBuildDirectoryEvent
@$xp$34Ftpsrv@TFtpSrvChangeDirectoryEvent
@$xp$35Smtpprot@TSmtpAttachmentContentType
@$xp$39Ftpsrv@TFtpSrvDataSessionConnectedEvent
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@Ftpsrv@CopyRight
@Ftpsrv@Finalization$qqrv
@Ftpsrv@FtpServerException@
@Ftpsrv@Register$qqrv
@Ftpsrv@TFtpServer@
@Ftpsrv@TFtpServer@$bctr$qqrp18Classes@TComponent
@Ftpsrv@TFtpServer@$bdtr$qqrv
@Ftpsrv@TFtpServer@AddCommand$qqrx17System@AnsiStringxynpqqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2$v
@Ftpsrv@TFtpServer@BuildDirectory$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%p15Classes@TStreamo
@Ftpsrv@TFtpServer@ClientCommand$qqrp14System@TObjectpci
@Ftpsrv@TFtpServer@ClientDataSent$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@ClientPassiveSessionAvailable$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@ClientRetrDataSent$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@ClientRetrSessionClosed$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@ClientRetrSessionConnected$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@ClientSessionClosed$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@ClientStorDataAvailable$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@ClientStorSessionClosed$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@ClientStorSessionConnected$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@CommandABOR$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandAPPE$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandCDUP$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandCWD$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandChangeDir$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandDELE$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandDirectory$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2o
@Ftpsrv@TFtpServer@CommandLIST$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandMDTM$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandMKD$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandNLST$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandNOOP$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandPASS$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandPASV$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandPORT$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandPWD$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandQUIT$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandREST$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandRETR$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandRMD$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandRNFR$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandRNTO$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandSIZE$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandSTOR$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandSTRU$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandSYST$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandTYPE$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandUSER$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@CommandXPWD$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@DisconnectAll$qqrv
@Ftpsrv@TFtpServer@GetActive$qqrv
@Ftpsrv@TFtpServer@GetClientCount$qqrv
@Ftpsrv@TFtpServer@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Ftpsrv@TFtpServer@SendAnswer$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%
@Ftpsrv@TFtpServer@SendNextDataChunk$qqrp22Ftpsrvc@TFtpCtrlSocketp16Wsocket@TWSocket
@Ftpsrv@TFtpServer@ServSocketSessionAvailable$qqrp14System@TObjectus
@Ftpsrv@TFtpServer@ServSocketStateChange$qqrp14System@TObject20Wsocket@TSocketStatet2
@Ftpsrv@TFtpServer@SetActive$qqro
@Ftpsrv@TFtpServer@Start$qqrv
@Ftpsrv@TFtpServer@StartSendData$qqrp22Ftpsrvc@TFtpCtrlSocket
@Ftpsrv@TFtpServer@Stop$qqrv
@Ftpsrv@TFtpServer@TriggerAlterDirectory$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%o
@Ftpsrv@TFtpServer@TriggerAuthenticate$qqrp22Ftpsrvc@TFtpCtrlSocket17System@AnsiStringt2ro
@Ftpsrv@TFtpServer@TriggerBuildDirectory$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%o
@Ftpsrv@TFtpServer@TriggerChangeDirectory$qqrp22Ftpsrvc@TFtpCtrlSocket17System@AnsiStringro
@Ftpsrv@TFtpServer@TriggerClientCommand$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%t2t2
@Ftpsrv@TFtpServer@TriggerClientConnect$qqrp22Ftpsrvc@TFtpCtrlSocketus
@Ftpsrv@TFtpServer@TriggerClientDisconnect$qqrp22Ftpsrvc@TFtpCtrlSocketus
@Ftpsrv@TFtpServer@TriggerMakeDirectory$qqrp22Ftpsrvc@TFtpCtrlSocket17System@AnsiStringro
@Ftpsrv@TFtpServer@TriggerRetrDataSent$qqrp22Ftpsrvc@TFtpCtrlSocketp16Wsocket@TWSocketus
@Ftpsrv@TFtpServer@TriggerRetrSessionClosed$qqrp22Ftpsrvc@TFtpCtrlSocketp16Wsocket@TWSocketus
@Ftpsrv@TFtpServer@TriggerRetrSessionConnected$qqrp22Ftpsrvc@TFtpCtrlSocketp16Wsocket@TWSocketus
@Ftpsrv@TFtpServer@TriggerSendAnswer$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%
@Ftpsrv@TFtpServer@TriggerServerStart$qqrv
@Ftpsrv@TFtpServer@TriggerServerStop$qqrv
@Ftpsrv@TFtpServer@TriggerStorDataAvailable$qqrp22Ftpsrvc@TFtpCtrlSocketp16Wsocket@TWSocketpcius
@Ftpsrv@TFtpServer@TriggerStorSessionClosed$qqrp22Ftpsrvc@TFtpCtrlSocketp16Wsocket@TWSocketus
@Ftpsrv@TFtpServer@TriggerStorSessionConnected$qqrp22Ftpsrvc@TFtpCtrlSocketp16Wsocket@TWSocketus
@Ftpsrv@TFtpServer@TriggerValidateDele$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%ro
@Ftpsrv@TFtpServer@TriggerValidateGet$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%ro
@Ftpsrv@TFtpServer@TriggerValidatePut$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%ro
@Ftpsrv@TFtpServer@TriggerValidateRnFr$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%ro
@Ftpsrv@TFtpServer@TriggerValidateRnTo$qqrp22Ftpsrvc@TFtpCtrlSocketr28System@%SmallString$iuc$255%ro
@Ftpsrv@TFtpServer@WMFtpSrvAbortTransfer$qqrr17Messages@TMessage
@Ftpsrv@TFtpServer@WMFtpSrvClientClosed$qqrr17Messages@TMessage
@Ftpsrv@TFtpServer@WMFtpSrvCloseData$qqrr17Messages@TMessage
@Ftpsrv@TFtpServer@WMFtpSrvCloseRequest$qqrr17Messages@TMessage
@Ftpsrv@TFtpServer@WndProc$qqrr17Messages@TMessage
@Ftpsrv@initialization$qqrv
@Ftpsrvc@CopyRight
@Ftpsrvc@EFtpCtrlSocketException@
@Ftpsrvc@Finalization$qqrv
@Ftpsrvc@IsUNC$qqr17System@AnsiString
@Ftpsrvc@PatchIE5$qqrr17System@AnsiString
@Ftpsrvc@TFtpCtrlSocket@
@Ftpsrvc@TFtpCtrlSocket@$bctr$qqrp18Classes@TComponent
@Ftpsrvc@TFtpCtrlSocket@$bdtr$qqrv
@Ftpsrvc@TFtpCtrlSocket@Dup$qqri
@Ftpsrvc@TFtpCtrlSocket@GetPeerAddr$qqrv
@Ftpsrvc@TFtpCtrlSocket@SendAnswer$qqr17System@AnsiString
@Ftpsrvc@TFtpCtrlSocket@SetAbortingTransfer$qqro
@Ftpsrvc@TFtpCtrlSocket@SetDirectory$qqr17System@AnsiString
@Ftpsrvc@TFtpCtrlSocket@SetRcvSize$qqri
@Ftpsrvc@TFtpCtrlSocket@StartConnection$qqrv
@Ftpsrvc@TFtpCtrlSocket@TriggerCommand$qqrpci
@Ftpsrvc@TFtpCtrlSocket@TriggerDataAvailable$qqrus
@Ftpsrvc@TFtpCtrlSocket@TriggerSessionConnected$qqrus
@Ftpsrvc@initialization$qqrv
@Ftpsrvt@CopyRight
@Ftpsrvt@FileUtcStr$qqr17System@AnsiString
@Ftpsrvt@Finalization$qqrv
@Ftpsrvt@initialization$qqrv
@Smtpprot@CopyRight
@Smtpprot@Finalization$qqrv
@Smtpprot@Register$qqrv
@Smtpprot@Rfc822DateTime$qqr16System@TDateTime
@Smtpprot@SmtpException@
@Smtpprot@TCustomSmtpClient@
@Smtpprot@TCustomSmtpClient@$bctr$qqrp18Classes@TComponent
@Smtpprot@TCustomSmtpClient@$bdtr$qqrv
@Smtpprot@TCustomSmtpClient@Abort$qqrv
@Smtpprot@TCustomSmtpClient@CheckReady$qqrv
@Smtpprot@TCustomSmtpClient@ClearErrorMessage$qqrv
@Smtpprot@TCustomSmtpClient@Connect$qqrv
@Smtpprot@TCustomSmtpClient@Data$qqrv
@Smtpprot@TCustomSmtpClient@DataNext$qqrv
@Smtpprot@TCustomSmtpClient@DisplayLastResponse$qqrv
@Smtpprot@TCustomSmtpClient@DoHighLevelAsync$qqrv
@Smtpprot@TCustomSmtpClient@DoUUEncode$qqrrpvr17System@AnsiStringro
@Smtpprot@TCustomSmtpClient@EndUUEncode$qqrrpv
@Smtpprot@TCustomSmtpClient@ExecAsync$qqr21Smtpprot@TSmtpRequest17System@AnsiStringpxusxiynpqqrv$v
@Smtpprot@TCustomSmtpClient@Helo$qqrv
@Smtpprot@TCustomSmtpClient@HighLevelAsync$qqr21Smtpprot@TSmtpRequest45System@%Set$t17Smtpprot@TSmtpFct$iuc$0$iuc$8%
@Smtpprot@TCustomSmtpClient@InitUUEncode$qqrrpv17System@AnsiString
@Smtpprot@TCustomSmtpClient@Mail$qqrv
@Smtpprot@TCustomSmtpClient@MailFrom$qqrv
@Smtpprot@TCustomSmtpClient@NextExecAsync$qqrv
@Smtpprot@TCustomSmtpClient@Open$qqrv
@Smtpprot@TCustomSmtpClient@Quit$qqrv
@Smtpprot@TCustomSmtpClient@RcptTo$qqrv
@Smtpprot@TCustomSmtpClient@RcptToDone$qqrv
@Smtpprot@TCustomSmtpClient@RcptToNext$qqrv
@Smtpprot@TCustomSmtpClient@Rset$qqrv
@Smtpprot@TCustomSmtpClient@SendCommand$qqr17System@AnsiString
@Smtpprot@TCustomSmtpClient@SetContentType$qqr25Smtpprot@TSmtpContentType
@Smtpprot@TCustomSmtpClient@SetErrorMessage$qqrv
@Smtpprot@TCustomSmtpClient@SetMailMessage$qqrp16Classes@TStrings
@Smtpprot@TCustomSmtpClient@SetRcptName$qqrp16Classes@TStrings
@Smtpprot@TCustomSmtpClient@StateChange$qqr19Smtpprot@TSmtpState
@Smtpprot@TCustomSmtpClient@TriggerCommand$qqr17System@AnsiString
@Smtpprot@TCustomSmtpClient@TriggerDisplay$qqr17System@AnsiString
@Smtpprot@TCustomSmtpClient@TriggerGetData$qqripciro
@Smtpprot@TCustomSmtpClient@TriggerHeaderLine$qqrpci
@Smtpprot@TCustomSmtpClient@TriggerProcessHeader$qqrp16Classes@TStrings
@Smtpprot@TCustomSmtpClient@TriggerRequestDone$qqrus
@Smtpprot@TCustomSmtpClient@TriggerResponse$qqr17System@AnsiString
@Smtpprot@TCustomSmtpClient@TriggerSessionClosed$qqrus
@Smtpprot@TCustomSmtpClient@TriggerSessionConnected$qqrus
@Smtpprot@TCustomSmtpClient@TriggerStateChange$qqrv
@Smtpprot@TCustomSmtpClient@Vrfy$qqrv
@Smtpprot@TCustomSmtpClient@WMSmtpRequestDone$qqrr17Messages@TMessage
@Smtpprot@TCustomSmtpClient@WSocketDataAvailable$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WSocketDataSent$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WSocketDnsLookupDone$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WSocketSessionClosed$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WSocketSessionConnected$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WndProc$qqrr17Messages@TMessage
@Smtpprot@TSmtpCli@
@Smtpprot@TSmtpCli@$bctr$qqrp18Classes@TComponent
@Smtpprot@TSmtpCli@$bdtr$qqrv
@Smtpprot@TSmtpCli@Data$qqrv
@Smtpprot@TSmtpCli@PrepareEMail$qqrv
@Smtpprot@TSmtpCli@SetEMailFiles$qqrp16Classes@TStrings
@Smtpprot@TSmtpCli@TriggerAttachContentType$qqrir17System@AnsiStringt2
@Smtpprot@TSmtpCli@TriggerAttachHeader$qqri17System@AnsiStringp16Classes@TStrings
@Smtpprot@TSmtpCli@TriggerGetData$qqripciro
@Smtpprot@TSmtpCli@TriggerHeaderLine$qqrpci
@Smtpprot@TSyncSmtpCli@
@Smtpprot@TSyncSmtpCli@$bctr$qqrp18Classes@TComponent
@Smtpprot@TSyncSmtpCli@AbortSync$qqrv
@Smtpprot@TSyncSmtpCli@ConnectSync$qqrv
@Smtpprot@TSyncSmtpCli@DataSync$qqrv
@Smtpprot@TSyncSmtpCli@HeloSync$qqrv
@Smtpprot@TSyncSmtpCli@MailFromSync$qqrv
@Smtpprot@TSyncSmtpCli@MailSync$qqrv
@Smtpprot@TSyncSmtpCli@OpenSync$qqrv
@Smtpprot@TSyncSmtpCli@QuitSync$qqrv
@Smtpprot@TSyncSmtpCli@RcptToSync$qqrv
@Smtpprot@TSyncSmtpCli@RsetSync$qqrv
@Smtpprot@TSyncSmtpCli@Synchronize$qqrynpqqrv$v
@Smtpprot@TSyncSmtpCli@VrfySync$qqrv
@Smtpprot@TSyncSmtpCli@WaitUntilReady$qqrv
@Smtpprot@initialization$qqrv
@Wsockbuf@Finalization$qqrv
@Wsockbuf@TBuffer@
@Wsockbuf@TBuffer@$bctr$qqri
@Wsockbuf@TBuffer@$bdtr$qqrv
@Wsockbuf@TBuffer@Peek$qqrri
@Wsockbuf@TBuffer@Read$qqrpvi
@Wsockbuf@TBuffer@Remove$qqri
@Wsockbuf@TBuffer@SetBufSize$qqri
@Wsockbuf@TBuffer@Write$qqrpvi
@Wsockbuf@initialization$qqrv
@Wsocket@CopyRight
@Wsocket@ESocketException@
@Wsocket@FAccept
@Wsocket@FBind
@Wsocket@FCloseSocket
@Wsocket@FConnect
@Wsocket@FGetHostByAddr
@Wsocket@FGetHostByName
@Wsocket@FGetHostName
@Wsocket@FGetPeerName
@Wsocket@FGetProtoByName
@Wsocket@FGetServByName
@Wsocket@FGetSockName
@Wsocket@FGetSockOpt
@Wsocket@FInet_addr
@Wsocket@FInet_ntoa
@Wsocket@FIoctlSocket
@Wsocket@FListen
@Wsocket@FOpenSocket
@Wsocket@FRecv
@Wsocket@FRecvFrom
@Wsocket@FSend
@Wsocket@FSendTo
@Wsocket@FSetSockOpt
@Wsocket@FShutdown
@Wsocket@FWSAAsyncGetHostByAddr
@Wsocket@FWSAAsyncGetHostByName
@Wsocket@FWSAAsyncSelect
@Wsocket@FWSACancelAsyncRequest
@Wsocket@FWSACleanup
@Wsocket@FWSAGetLastError
@Wsocket@FWSASetLastError
@Wsocket@FWSAStartup
@Wsocket@Fhtonl
@Wsocket@Fhtons
@Wsocket@Finalization$qqrv
@Wsocket@Fntohl
@Wsocket@Fntohs
@Wsocket@LocalHostName$qqrv
@Wsocket@LocalIPList$qqrv
@Wsocket@Register$qqrv
@Wsocket@TCustomLineWSocket@
@Wsocket@TCustomLineWSocket@$bctr$qqrp18Classes@TComponent
@Wsocket@TCustomLineWSocket@$bdtr$qqrv
@Wsocket@TCustomLineWSocket@DoRecv$qqrpvii
@Wsocket@TCustomLineWSocket@EditLine$qqrri
@Wsocket@TCustomLineWSocket@GetRcvdCount$qqrv
@Wsocket@TCustomLineWSocket@SetLineMode$qqro
@Wsocket@TCustomLineWSocket@TriggerDataAvailable$qqrus
@Wsocket@TCustomLineWSocket@TriggerSessionClosed$qqrus
@Wsocket@TCustomLineWSocket@WMTriggerDataAvailable$qqrr17Messages@TMessage
@Wsocket@TCustomLineWSocket@WndProc$qqrr17Messages@TMessage
@Wsocket@TCustomSocksWSocket@
@Wsocket@TCustomSocksWSocket@AssignDefaultValue$qqrv
@Wsocket@TCustomSocksWSocket@Connect$qqrv
@Wsocket@TCustomSocksWSocket@DataAvailableError$qqri17System@AnsiString
@Wsocket@TCustomSocksWSocket@DoRecv$qqrpvii
@Wsocket@TCustomSocksWSocket@GetRcvdCount$qqrv
@Wsocket@TCustomSocksWSocket@Listen$qqrv
@Wsocket@TCustomSocksWSocket@SetSocksLevel$qqr17System@AnsiString
@Wsocket@TCustomSocksWSocket@SetSocksPort$qqr17System@AnsiString
@Wsocket@TCustomSocksWSocket@SetSocksServer$qqr17System@AnsiString
@Wsocket@TCustomSocksWSocket@SocksDoAuthenticate$qqrv
@Wsocket@TCustomSocksWSocket@SocksDoConnect$qqrv
@Wsocket@TCustomSocksWSocket@TriggerDataAvailable$qqrus
@Wsocket@TCustomSocksWSocket@TriggerSessionClosed$qqrus
@Wsocket@TCustomSocksWSocket@TriggerSessionConnected$qqrus
@Wsocket@TCustomSocksWSocket@TriggerSocksAuthState$qqr23Wsocket@TSocksAuthState
@Wsocket@TCustomSocksWSocket@TriggerSocksConnected$qqrus
@Wsocket@TCustomSocksWSocket@TriggerSocksError$qqri17System@AnsiString
@Wsocket@TCustomSyncWSocket@
@Wsocket@TCustomSyncWSocket@InternalDataAvailable$qqrp14System@TObjectus
@Wsocket@TCustomSyncWSocket@ReadLine$qqrir17System@AnsiString
@Wsocket@TCustomSyncWSocket@Synchronize$qqrynpqqrv$vro
@Wsocket@TCustomSyncWSocket@WaitUntilReady$qqrro
@Wsocket@TCustomWSocket@
@Wsocket@TCustomWSocket@$bctr$qqrp18Classes@TComponent
@Wsocket@TCustomWSocket@$bdtr$qqrv
@Wsocket@TCustomWSocket@ASyncReceive$qqrus
@Wsocket@TCustomWSocket@Abort$qqrv
@Wsocket@TCustomWSocket@Accept$qqrv
@Wsocket@TCustomWSocket@AssignDefaultValue$qqrv
@Wsocket@TCustomWSocket@BindSocket$qqrv
@Wsocket@TCustomWSocket@CancelDnsLookup$qqrv
@Wsocket@TCustomWSocket@ChangeState$qqr20Wsocket@TSocketState
@Wsocket@TCustomWSocket@Close$qqrv
@Wsocket@TCustomWSocket@CloseDelayed$qqrv
@Wsocket@TCustomWSocket@Connect$qqrv
@Wsocket@TCustomWSocket@DeleteBufferedData$qqrv
@Wsocket@TCustomWSocket@DnsLookup$qqr17System@AnsiString
@Wsocket@TCustomWSocket@DoRecv$qqrpvii
@Wsocket@TCustomWSocket@DoRecvFrom$qqripviir11sockaddr_inri
@Wsocket@TCustomWSocket@Dup$qqri
@Wsocket@TCustomWSocket@Flush$qqrv
@Wsocket@TCustomWSocket@GetAddr$qqrv
@Wsocket@TCustomWSocket@GetPeerAddr$qqrv
@Wsocket@TCustomWSocket@GetPeerName$qqrr11sockaddr_ini
@Wsocket@TCustomWSocket@GetPeerPort$qqrv
@Wsocket@TCustomWSocket@GetProto$qqrv
@Wsocket@TCustomWSocket@GetRcvdCount$qqrv
@Wsocket@TCustomWSocket@GetRemotePort$qqrv
@Wsocket@TCustomWSocket@GetSendFlags$qqrv
@Wsocket@TCustomWSocket@GetSockName$qqrr11sockaddr_inri
@Wsocket@TCustomWSocket@GetXPort$qqrv
@Wsocket@TCustomWSocket@HandleBackGroundException$qqrp18Sysutils@Exception
@Wsocket@TCustomWSocket@InternalClose$qqrous
@Wsocket@TCustomWSocket@Listen$qqrv
@Wsocket@TCustomWSocket@MessageLoop$qqrv
@Wsocket@TCustomWSocket@MessagePump$qqrv
@Wsocket@TCustomWSocket@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Wsocket@TCustomWSocket@Pause$qqrv
@Wsocket@TCustomWSocket@PeekData$qqrpvi
@Wsocket@TCustomWSocket@ProcessMessage$qqrv
@Wsocket@TCustomWSocket@ProcessMessages$qqrv
@Wsocket@TCustomWSocket@PutDataInSendBuffer$qqrpvi
@Wsocket@TCustomWSocket@PutStringInSendBuffer$qqr17System@AnsiString
@Wsocket@TCustomWSocket@RaiseException$qqrx17System@AnsiString
@Wsocket@TCustomWSocket@RaiseExceptionFmt$qqrx17System@AnsiStringpx14System@TVarRecxi
@Wsocket@TCustomWSocket@RealSend$qqrpvi
@Wsocket@TCustomWSocket@Receive$qqrpvi
@Wsocket@TCustomWSocket@ReceiveFrom$qqrpvir11sockaddr_inri
@Wsocket@TCustomWSocket@ReceiveStr$qqrv
@Wsocket@TCustomWSocket@Release$qqrv
@Wsocket@TCustomWSocket@Resume$qqrv
@Wsocket@TCustomWSocket@ReverseDnsLookup$qqr17System@AnsiString
@Wsocket@TCustomWSocket@Send$qqrpvi
@Wsocket@TCustomWSocket@SendStr$qqr17System@AnsiString
@Wsocket@TCustomWSocket@SendText$qqr17System@AnsiString
@Wsocket@TCustomWSocket@SendTo$qqrrx11sockaddr_inipvi
@Wsocket@TCustomWSocket@SetAddr$qqr17System@AnsiString
@Wsocket@TCustomWSocket@SetLingerOption$qqrv
@Wsocket@TCustomWSocket@SetLocalAddr$qqr17System@AnsiString
@Wsocket@TCustomWSocket@SetLocalPort$qqr17System@AnsiString
@Wsocket@TCustomWSocket@SetProto$qqr17System@AnsiString
@Wsocket@TCustomWSocket@SetRemotePort$qqr17System@AnsiString
@Wsocket@TCustomWSocket@SetSendFlags$qqr24Wsocket@TSocketSendFlags
@Wsocket@TCustomWSocket@Shutdown$qqri
@Wsocket@TCustomWSocket@SocketError$qqr17System@AnsiString
@Wsocket@TCustomWSocket@TimerClear$qqrr7timeval
@Wsocket@TCustomWSocket@TimerCmp$qqrr7timevalt1o
@Wsocket@TCustomWSocket@TimerIsSet$qqrr7timeval
@Wsocket@TCustomWSocket@TriggerChangeState$qqr20Wsocket@TSocketStatet1
@Wsocket@TCustomWSocket@TriggerDNSLookupDone$qqrus
@Wsocket@TCustomWSocket@TriggerDataAvailable$qqrus
@Wsocket@TCustomWSocket@TriggerDataSent$qqrus
@Wsocket@TCustomWSocket@TriggerDisplay$qqr17System@AnsiString
@Wsocket@TCustomWSocket@TriggerError$qqrv
@Wsocket@TCustomWSocket@TriggerSendData$qqri
@Wsocket@TCustomWSocket@TriggerSessionAvailable$qqrus
@Wsocket@TCustomWSocket@TriggerSessionClosed$qqrus
@Wsocket@TCustomWSocket@TriggerSessionConnected$qqrus
@Wsocket@TCustomWSocket@TryToSend$qqrv
@Wsocket@TCustomWSocket@WMASyncSelect$qqrr17Messages@TMessage
@Wsocket@TCustomWSocket@WMAsyncGetHostByAddr$qqrr17Messages@TMessage
@Wsocket@TCustomWSocket@WMAsyncGetHostByName$qqrr17Messages@TMessage
@Wsocket@TCustomWSocket@WMCloseDelayed$qqrr17Messages@TMessage
@Wsocket@TCustomWSocket@WMRelease$qqrr17Messages@TMessage
@Wsocket@TCustomWSocket@WaitForClose$qqrv
@Wsocket@TCustomWSocket@WndProc$qqrr17Messages@TMessage
@Wsocket@TSocksWSocket@
@Wsocket@TWSocket@
@Wsocket@WSocketCancelForceLoadWinsock$qqrv
@Wsocket@WSocketErrorDesc$qqri
@Wsocket@WSocketForceLoadWinsock$qqrv
@Wsocket@WSocketGCount
@Wsocket@WSocketGForced
@Wsocket@WSocketGetHostByAddr$qqr17System@AnsiString
@Wsocket@WSocketGetHostByName$qqr17System@AnsiString
@Wsocket@WSocketGetProc$qqrx17System@AnsiString
@Wsocket@WSocketIsDottedIP$qqrx17System@AnsiString
@Wsocket@WSocketResolveHost$qqr17System@AnsiString
@Wsocket@WSocketResolveIp$qqr17System@AnsiString
@Wsocket@WSocketResolvePort$qqr17System@AnsiStringt1
@Wsocket@WSocketResolveProto$qqr17System@AnsiString
@Wsocket@WSocketUnloadWinsock$qqrv
@Wsocket@WSocket_WSAAsyncGetHostByAddr$qqruiipciit3i
@Wsocket@WSocket_WSAAsyncGetHostByName$qqruiipct3i
@Wsocket@WSocket_WSAAsyncSelect$qqriuiii
@Wsocket@WSocket_WSACancelAsyncRequest$qqrui
@Wsocket@WSocket_WSACleanup$qqrv
@Wsocket@WSocket_WSAGetLastError$qqrv
@Wsocket@WSocket_WSASetLastError$qqri
@Wsocket@WSocket_WSAStartup$qqrusr7WSAData
@Wsocket@WSocket_accept$qqrip11sockaddr_inpi
@Wsocket@WSocket_bind$qqrir11sockaddr_ini
@Wsocket@WSocket_closesocket$qqri

Sections

Size: 383KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 587KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 383KB - Virtual size: 1.9MB

.rsrc Size: 4KB - Virtual size: 7KB

.idata Size: 512B - Virtual size: 4KB

Themida Size: 587KB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 7KB

.idata
Size: 512B - Virtual size: 4KB

Themida
Size: 587KB - Virtual size: 1.3MB