29ab12d78a320d272576d6eb54d69aaa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29ab12d78a320d272576d6eb54d69aaa_JaffaCakes118
Size

172KB
MD5

29ab12d78a320d272576d6eb54d69aaa
SHA1

6f15da64f655bce186ab5f1c4def0ae869a5fba7
SHA256

62d4baba693a0a8b3c1f1fca54bbf28a29c00c636c2a28babc367bad2b5ed7c2
SHA512

4f5e6ab864ffddf9937607a6e1121f07705d175b0b818bc56e6eaddbd3a2414081b221d3bc22e38c78e91a0211bc9196f2e615a36247776d9716c2121252b971
SSDEEP

3072:reriTKzY0mfh47W7Su30w20QVORU/dWh2CMUyOTWuAbihBoGnqu4rds+PYdncPDR:IkioS785kw20DRU/kh9MATRAVGqDrdJr

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/cvery.comdel717535362/Provision.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.comdel717535362/Provision.exe

Files

29ab12d78a320d272576d6eb54d69aaa_JaffaCakes118
.rar
cvery.comdel717535362/HTTPGetThread.dcu
cvery.comdel717535362/HTTPGetThread.pas
.js
cvery.comdel717535362/MainForm.dcu
cvery.comdel717535362/MainForm.ddp
cvery.comdel717535362/MainForm.dfm
cvery.comdel717535362/MainForm.pas
cvery.comdel717535362/MyHttpGet.dcu
cvery.comdel717535362/MyHttpGet.pas
cvery.comdel717535362/Provision.cfg
cvery.comdel717535362/Provision.dof
cvery.comdel717535362/Provision.dpr
cvery.comdel717535362/Provision.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 141KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cvery.comdel717535362/Provision.res
cvery.comdel717535362/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 141KB - Virtual size: 340KB

DATA Size: 2KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 28KB

.rsrc Size: 6KB - Virtual size: 16KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

CODE
Size: 141KB - Virtual size: 340KB

DATA
Size: 2KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 28KB

.rsrc
Size: 6KB - Virtual size: 16KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB