40e9dea1c92bf269d536c2b02106f8d0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

40e9dea1c92bf269d536c2b02106f8d0_JaffaCakes118
Size

13.2MB
MD5

40e9dea1c92bf269d536c2b02106f8d0
SHA1

ee8ed734223043190f5c7601053c312be03770ae
SHA256

a164d28c954aa6891fbb3be7aadd284afad82094e481bdce0e526cbd5f526328
SHA512

56f50707d0bf4c37f8d203093089bb54f978596bf2a4c11117709cfc4f9ea8280c8acbd23dc24363f6429550791e4711a1517d37e5f8b1b8855d0ae50efa9520
SSDEEP

393216:S/SD5rhj0DXxikvOHEZTuyhSU0/FiKCyKqrGmlDeY:NJSXxiWUEUyMU+XKqqmlDeY

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/490518045/vcl/intraweb7.0.21.exe	aspack_v212_v242

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/490518045/device.exe
unpack001/490518045/vcl/intraweb7.0.21.exe
unpack001/490518045/vcl/iw7.0.21_d7.exe

Files

40e9dea1c92bf269d536c2b02106f8d0_JaffaCakes118
.rar
490518045/Project1.iwb
490518045/Project1.rav
490518045/ServerController.dcu
490518045/ServerController.ddp
490518045/ServerController.dfm
490518045/ServerController.pas
490518045/Unit1.dcu
490518045/UserSessionUnit.dcu
490518045/UserSessionUnit.ddp
490518045/UserSessionUnit.dfm
490518045/UserSessionUnit.pas
490518045/atmchada.dcu
490518045/atmchada.ddp
490518045/atmchada.dfm
490518045/atmchada.pas
490518045/atmluru.dcu
490518045/atmluru.ddp
490518045/atmluru.dfm
490518045/atmluru.pas
490518045/atmluru1.dcu
490518045/atmluru1.ddp
490518045/atmluru1.dfm
490518045/atmluru1.pas
490518045/data/DEVICE.GDB
490518045/dayin.dcu
490518045/dayin.dfm
490518045/dayin.pas
490518045/device.cfg
490518045/device.dof
490518045/device.dpr
490518045/device.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 32B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
490518045/device.iwb
490518045/device.res
490518045/frameatm.dcu
490518045/frameatm.ddp
490518045/frameatm.dfm
490518045/frameatm.pas
490518045/frmchada.backup.rtf
.rtf
490518045/jpg/atmchada.dfm
490518045/jpg/atmchada.pas
490518045/jpg/atmchada.~dfm
490518045/jpg/atmchada.~pas
490518045/jpg/atmmain.dcu
490518045/jpg/atmmain.ddp
490518045/jpg/atmmain.dfm
490518045/jpg/atmmain.pas
490518045/jpg/atmmain.~ddp
490518045/jpg/atmmain.~dfm
490518045/jpg/atmmain.~pas
490518045/jpg/banner.jpg
.jpg
490518045/jpg/frame1.dcu
490518045/jpg/frame1.ddp
490518045/jpg/frame1.dfm
490518045/jpg/frame1.pas
490518045/jpg/frame1.~ddp
490518045/jpg/frame1.~dfm
490518045/jpg/frame1.~pas
490518045/jpg/logo.jpg
.jpg
490518045/jpg/main.dcu
490518045/jpg/main.ddp
490518045/jpg/main.dfm
490518045/jpg/main.pas
490518045/jpg/main.~ddp
490518045/jpg/main.~dfm
490518045/jpg/main.~pas
490518045/login.dcu
490518045/login.ddp
490518045/login.dfm
490518045/login.pas
490518045/publicfun.dcu
490518045/publicfun.pas
490518045/report_portmessage.rav
490518045/test.rav
490518045/test1.rav
490518045/test2.rav
490518045/test3.rav
490518045/vcl/borland.lic
490518045/vcl/intraweb7.0.21.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 210KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
490518045/vcl/iw7.0.21_d7.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
490518045/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 2.2MB - Virtual size: 2.2MB

DATA Size: 88KB - Virtual size: 88KB

BSS Size: - Virtual size: 7KB

.idata Size: 12KB - Virtual size: 12KB

.tls Size: - Virtual size: 32B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 169KB - Virtual size: 168KB

.rsrc Size: 481KB - Virtual size: 481KB

Headers

File Characteristics

Sections

CODE Size: 210KB - Virtual size: 500KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 32KB

.rsrc Size: 282KB - Virtual size: 772KB

.aspack Size: 23KB - Virtual size: 24KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 47KB - Virtual size: 47KB

DATA Size: 6KB - Virtual size: 6KB

BSS Size: - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

CODE
Size: 2.2MB - Virtual size: 2.2MB

DATA
Size: 88KB - Virtual size: 88KB

BSS
Size: - Virtual size: 7KB

.idata
Size: 12KB - Virtual size: 12KB

.tls
Size: - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 169KB - Virtual size: 168KB

.rsrc
Size: 481KB - Virtual size: 481KB

CODE
Size: 210KB - Virtual size: 500KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 32KB

.rsrc
Size: 282KB - Virtual size: 772KB

.aspack
Size: 23KB - Virtual size: 24KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 47KB - Virtual size: 47KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB