353f37a25af1ad9f1906e0699f549af3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

353f37a25af1ad9f1906e0699f549af3_JaffaCakes118
Size

41KB
MD5

353f37a25af1ad9f1906e0699f549af3
SHA1

0b3f659284616944e69b4946d6560c584a16f635
SHA256

d577a58a92e3f2f960f62c371669511ae0f6bc965406f0a4ed47170aa37bd639
SHA512

d4c3524c857ada876c5ef7946d3b92109bb9031486243c317f0c34c31f4db8ed403edbdd33132c5fb3c3e89ac432c5802649071fad98dc423a4a80d26d60cb7e
SSDEEP

768:C0o9zfUDz9jQG9TwPCORvhqZ043i98gNC1E6Q:C0N9EGVuCuvYtzgChQ

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
353f37a25af1ad9f1906e0699f549af3_JaffaCakes118
unpack001/out.upx

Files

353f37a25af1ad9f1906e0699f549af3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@$xp$43Comp_category_combobox@TFABCategoryComboBox
@$xp$43Comp_category_select_account@TSelectAccount
@$xp$43Comp_category_select_contact@TSelectContact
@$xp$44Comp_category_multi_select_group@TMultiGroup
@$xp$46Comp_category_select_account_manager@TSelectAM
@$xp$47Comp_category_contact_combobox@TContactComboBox
@$xp$49Comp_category_customer_combobox@TCustomerComboBox
@$xp$51Comp_category_contact_combobox@TChangedContactEvent
@$xp$54Comp_category_multi_select_permission@TMultiPermission
@$xp$56Comp_category_multi_select_accountmanager@TMultiSelectAM
@$xp$59Comp_category_sub_category_combobox@TFABSubCategoryComboBox
@Comp_category@@GetPackageInfoTable$qqrv
@Comp_category@@PackageLoad$qqrv
@Comp_category@@PackageUnload$qqrv
@Comp_category@initialization$qqrv
@Comp_category_combo_box_consts@Finalization$qqrv
@Comp_category_combo_box_consts@initialization$qqrv
@Comp_category_combobox@Finalization$qqrv
@Comp_category_combobox@Register$qqrv
@Comp_category_combobox@TFABCategoryComboBox@
@Comp_category_combobox@TFABCategoryComboBox@$bctr$qqrp18Classes@TComponent
@Comp_category_combobox@TFABCategoryComboBox@$bdtr$qqrv
@Comp_category_combobox@TFABCategoryComboBox@AddCategory$qqr17System@AnsiStringt1i
@Comp_category_combobox@TFABCategoryComboBox@DoChange$qqrp14System@TObject
@Comp_category_combobox@TFABCategoryComboBox@FSelectedID$qqrv
@Comp_category_combobox@TFABCategoryComboBox@Init$qqrv
@Comp_category_combobox@TFABCategoryComboBox@SetAll$qqrv
@Comp_category_combobox@TFABCategoryComboBox@SetDefault$qqrv
@Comp_category_combobox@initialization$qqrv
@Comp_category_common@Finalization$qqrv
@Comp_category_common@initialization$qqrv
@Comp_category_consts@Finalization$qqrv
@Comp_category_consts@_CATEGORY_SEARCH
@Comp_category_consts@_NONE
@Comp_category_consts@initialization$qqrv
@Comp_category_contact_combobox@Finalization$qqrv
@Comp_category_contact_combobox@Register$qqrv
@Comp_category_contact_combobox@TContactComboBox@
@Comp_category_contact_combobox@TContactComboBox@$bctr$qqrp18Classes@TComponent
@Comp_category_contact_combobox@TContactComboBox@$bdtr$qqrv
@Comp_category_contact_combobox@TContactComboBox@ContactID$qqrv
@Comp_category_contact_combobox@TContactComboBox@DoChange$qqrp14System@TObject
@Comp_category_contact_combobox@TContactComboBox@Load$qqrv
@Comp_category_contact_combobox@initialization$qqrv
@Comp_category_customer_combobox@Finalization$qqrv
@Comp_category_customer_combobox@Register$qqrv
@Comp_category_customer_combobox@TCustomerComboBox@
@Comp_category_customer_combobox@TCustomerComboBox@$bctr$qqrp18Classes@TComponent
@Comp_category_customer_combobox@TCustomerComboBox@$bdtr$qqrv
@Comp_category_customer_combobox@TCustomerComboBox@DoChange$qqrp14System@TObject
@Comp_category_customer_combobox@TCustomerComboBox@Init$qqr17System@AnsiStringt1
@Comp_category_customer_combobox@TCustomerComboBox@NewCustomer$qqrv
@Comp_category_customer_combobox@TCustomerComboBox@SearchCustomers$qqrv
@Comp_category_customer_combobox@initialization$qqrv
@Comp_category_multi_select_accountmanager@Finalization$qqrv
@Comp_category_multi_select_accountmanager@Register$qqrv
@Comp_category_multi_select_accountmanager@TMultiSelectAM@
@Comp_category_multi_select_accountmanager@TMultiSelectAM@$bctr$qqrp18Classes@TComponent
@Comp_category_multi_select_accountmanager@TMultiSelectAM@AMWebDatasetAfterOpen$qqrp11Db@TDataSet
@Comp_category_multi_select_accountmanager@TMultiSelectAM@FrameResize$qqrp14System@TObject
@Comp_category_multi_select_accountmanager@TMultiSelectAM@GetSearchSQL$qqro
@Comp_category_multi_select_accountmanager@TMultiSelectAM@InitAMSearch$qqrooo
@Comp_category_multi_select_accountmanager@TMultiSelectAM@InitialiseCaptions$qqrv
@Comp_category_multi_select_accountmanager@TMultiSelectAM@buCancelClick$qqrp14System@TObject
@Comp_category_multi_select_accountmanager@TMultiSelectAM@buSelectClick$qqrp14System@TObject
@Comp_category_multi_select_accountmanager@TMultiSelectAM@colIconCustomDrawCell$qqrp44Cxgridcustomtableview@TcxCustomGridTableViewp20Cxgraphics@TcxCanvasp50Cxgridcustomtableview@TcxGridTableDataCellViewInforo
@Comp_category_multi_select_accountmanager@initialization$qqrv
@Comp_category_multi_select_group@Finalization$qqrv
@Comp_category_multi_select_group@Register$qqrv
@Comp_category_multi_select_group@TMultiGroup@
@Comp_category_multi_select_group@TMultiGroup@$bctr$qqrp18Classes@TComponent
@Comp_category_multi_select_group@TMultiGroup@AGWebDatasetAfterOpen$qqrp11Db@TDataSet
@Comp_category_multi_select_group@TMultiGroup@FrameResize$qqrp14System@TObject
@Comp_category_multi_select_group@TMultiGroup@GetSearchSQL$qqro
@Comp_category_multi_select_group@TMultiGroup@InitAGSearch$qqrv
@Comp_category_multi_select_group@TMultiGroup@InitialiseCaptions$qqrv
@Comp_category_multi_select_group@TMultiGroup@buCancelClick$qqrp14System@TObject
@Comp_category_multi_select_group@TMultiGroup@buSelectClick$qqrp14System@TObject
@Comp_category_multi_select_group@TMultiGroup@colIconCustomDrawCell$qqrp44Cxgridcustomtableview@TcxCustomGridTableViewp20Cxgraphics@TcxCanvasp50Cxgridcustomtableview@TcxGridTableDataCellViewInforo
@Comp_category_multi_select_group@initialization$qqrv
@Comp_category_multi_select_permission@Finalization$qqrv
@Comp_category_multi_select_permission@Register$qqrv
@Comp_category_multi_select_permission@TMultiPermission@
@Comp_category_multi_select_permission@TMultiPermission@$bctr$qqrp18Classes@TComponent
@Comp_category_multi_select_permission@TMultiPermission@FrameResize$qqrp14System@TObject
@Comp_category_multi_select_permission@TMultiPermission@GetSearchSQL$qqro
@Comp_category_multi_select_permission@TMultiPermission@InitPermSearch$qqrv
@Comp_category_multi_select_permission@TMultiPermission@InitialiseCaptions$qqrv
@Comp_category_multi_select_permission@TMultiPermission@PermWebDatasetAfterOpen$qqrp11Db@TDataSet
@Comp_category_multi_select_permission@TMultiPermission@buCancelClick$qqrp14System@TObject
@Comp_category_multi_select_permission@TMultiPermission@buSelectClick$qqrp14System@TObject
@Comp_category_multi_select_permission@TMultiPermission@colIconCustomDrawCell$qqrp44Cxgridcustomtableview@TcxCustomGridTableViewp20Cxgraphics@TcxCanvasp50Cxgridcustomtableview@TcxGridTableDataCellViewInforo
@Comp_category_multi_select_permission@TMultiPermission@tvAccountManagerCanSelectRecord$qqrp44Cxgridcustomtableview@TcxCustomGridTableViewp41Cxgridcustomtableview@TcxCustomGridRecordro
@Comp_category_multi_select_permission@TMultiPermission@tvAccountManagerCellClick$qqrp44Cxgridcustomtableview@TcxCustomGridTableViewp50Cxgridcustomtableview@TcxGridTableDataCellViewInfo21Controls@TMouseButton46System@%Set$t18Classes@Classes__1$iuc$0$iQsA
@Comp_category_multi_select_permission@initialization$qqrv
@Comp_category_select_account@Finalization$qqrv
@Comp_category_select_account@Register$qqrv
@Comp_category_select_account@TSelectAccount@
@Comp_category_select_account@TSelectAccount@$bctr$qqrp18Classes@TComponent
@Comp_category_select_account@TSelectAccount@DoChange$qqrp14System@TObject
@Comp_category_select_account@TSelectAccount@FindAccount$qqrv
@Comp_category_select_account@TSelectAccount@LoadContactAccounts$qqr17System@AnsiStringo
@Comp_category_select_account@TSelectAccount@LoadItems$qqrv
@Comp_category_select_account@TSelectAccount@SetOnSelectID$qqrxynpqqrp14System@TObject$v
@Comp_category_select_account@initialization$qqrv
@Comp_category_select_account_manager@Finalization$qqrv
@Comp_category_select_account_manager@Register$qqrv
@Comp_category_select_account_manager@TSelectAM@
@Comp_category_select_account_manager@TSelectAM@$bctr$qqrp18Classes@TComponent
@Comp_category_select_account_manager@TSelectAM@AMWebDatasetAfterOpen$qqrp11Db@TDataSet
@Comp_category_select_account_manager@TSelectAM@FrameResize$qqrp14System@TObject
@Comp_category_select_account_manager@TSelectAM@GetSearchSQL$qqro
@Comp_category_select_account_manager@TSelectAM@InitAMSearch$qqrooo
@Comp_category_select_account_manager@TSelectAM@InitialiseCaptions$qqrv
@Comp_category_select_account_manager@TSelectAM@buCancelClick$qqrp14System@TObject
@Comp_category_select_account_manager@TSelectAM@buSearchClick$qqrp14System@TObject
@Comp_category_select_account_manager@TSelectAM@buSelectClick$qqrp14System@TObject
@Comp_category_select_account_manager@TSelectAM@colIconCustomDrawCell$qqrp44Cxgridcustomtableview@TcxCustomGridTableViewp20Cxgraphics@TcxCanvasp50Cxgridcustomtableview@TcxGridTableDataCellViewInforo
@Comp_category_select_account_manager@TSelectAM@edNameEnter$qqrp14System@TObject
@Comp_category_select_account_manager@TSelectAM@tvAccountManagerFocusedRecordChanged$qqrp44Cxgridcustomtableview@TcxCustomGridTableViewp41Cxgridcustomtableview@TcxCustomGridRecordt2o
@Comp_category_select_account_manager@initialization$qqrv
@Comp_category_select_contact@Finalization$qqrv
@Comp_category_select_contact@Register$qqrv
@Comp_category_select_contact@TSelectContact@
@Comp_category_select_contact@TSelectContact@$bctr$qqrp18Classes@TComponent
@Comp_category_select_contact@TSelectContact@DoChange$qqrp14System@TObject
@Comp_category_select_contact@TSelectContact@FindContact$qqrv
@Comp_category_select_contact@TSelectContact@LoadAccountContacts$qqr17System@AnsiStringo
@Comp_category_select_contact@TSelectContact@LoadItems$qqrv
@Comp_category_select_contact@initialization$qqrv
@Comp_category_sub_category_combobox@Finalization$qqrv
@Comp_category_sub_category_combobox@Register$qqrv
@Comp_category_sub_category_combobox@TFABSubCategoryComboBox@
@Comp_category_sub_category_combobox@TFABSubCategoryComboBox@$bctr$qqrp18Classes@TComponent
@Comp_category_sub_category_combobox@TFABSubCategoryComboBox@FSelectedID$qqrv
@Comp_category_sub_category_combobox@TFABSubCategoryComboBox@Init$qqrv
@Comp_category_sub_category_combobox@TFABSubCategoryComboBox@SetCategoryID$qqr17System@AnsiString
@Comp_category_sub_category_combobox@initialization$qqrv
@GetPackageInfoTable
Finalize
Initialize

Sections

UPX0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 125B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 184KB

UPX1 Size: 25KB - Virtual size: 28KB

.rsrc Size: 15KB - Virtual size: 16KB

Headers

File Characteristics

Sections

CODE Size: 45KB - Virtual size: 45KB

DATA Size: 512B - Virtual size: 52B

BSS Size: - Virtual size: 125B

.idata Size: 52KB - Virtual size: 52KB

.edata Size: 11KB - Virtual size: 11KB

.rdata Size: 512B - Virtual size: 30B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 30KB - Virtual size: 30KB

UPX0
Size: - Virtual size: 184KB

UPX1
Size: 25KB - Virtual size: 28KB

.rsrc
Size: 15KB - Virtual size: 16KB

CODE
Size: 45KB - Virtual size: 45KB

DATA
Size: 512B - Virtual size: 52B

BSS
Size: - Virtual size: 125B

.idata
Size: 52KB - Virtual size: 52KB

.edata
Size: 11KB - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 30B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 30KB - Virtual size: 30KB