5bbd968659c966f3285be2a9d1d05cda_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bbd968659c966f3285be2a9d1d05cda_JaffaCakes118
Size

84KB
MD5

5bbd968659c966f3285be2a9d1d05cda
SHA1

ae8496ae08b0e5871cb20c46b12c5680111c01af
SHA256

94671a83b26a013f94b3ddaffb98f63f7d4b3491290edd7da26f50c13aeda381
SHA512

dc2760bc780aa04d596e072015a796636a821f5511e790aaa13f06d9f0c81bc16aeb62de7e585f752733b6084ba52da2d942f66b501ac03a1f8d175b850861ec
SSDEEP

1536:FvIgBE6Pn3qtJBtUSzaua7hP/vc3aqsx6BeieOi1f:FvIgvqzUSz5ahM3y8Blvi1f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bbd968659c966f3285be2a9d1d05cda_JaffaCakes118

Files

5bbd968659c966f3285be2a9d1d05cda_JaffaCakes118
.exe windows:1 windows x86 arch:x86

f4fef92fb76b9a8630df2f386283659e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

borlndmm

GetAllocMemCount

vcl40.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@UnregisterModule$qqrp17System@TLibModule
@System@RegisterModule$qqrp17System@TLibModule
@System@LoadResourceModule$qqrpc
@System@FindHInstance$qqrpv
@System@@LStrCat$qqrv
@System@@LStrFromPChar$qqrr17System@AnsiStringpc
@System@@LStrAsg$qqrv
@System@@LStrClr$qqrr17System@AnsiString
@System@@HandleFinally$qqrv
@System@TObject@$bdtr$qqrv
@System@IsMemoryManagerSet$qqrv
@System@SetMemoryManager$qqrrx21System@TMemoryManager
@System@IsMultiThread
@System@IsConsole
@System@ExitProc
@System@CmdLine
@System@IsLibrary
@System@MainInstance
@Sysconst@initialization$qqrv
@Sysconst@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Activex@initialization$qqrv
@Activex@Finalization$qqrv
@Math@initialization$qqrv
@Math@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Consts@initialization$qqrv
@Consts@Finalization$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Typinfo@DotSep
@Typinfo@BooleanIdents
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Stdctrls@initialization$qqrv
@Stdctrls@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Stdactns@initialization$qqrv
@Stdactns@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Forms@TApplication@ShowException$qqrp18Sysutils@Exception
@Forms@TApplication@Initialize$qqrv
@Forms@Application
@Imglist@initialization$qqrv
@Imglist@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Registry@TRegistry@ValueExists$qqrx17System@AnsiString
@Registry@TRegistry@ReadString$qqrx17System@AnsiString
@Registry@TRegistry@OpenKey$qqrx17System@AnsiString4bool
@Registry@TRegistry@$bctr$qqrv
@Registry@TRegistry@

kernel32

CreateProcessA
FreeLibrary
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree

cp3245mt

@$bdele$qpv
@_CatchCleanup$qv
__ErrorExit
__ExceptionHandler
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
___raiseDebuggerException
__argc
__argv
__exitargv
__flushall
__setargv
__startup
_abort
_memcpy
_memset

Exports

Exports

@Sysutils@Exception@$bdtr$qqrv
__GetExceptDLLinfo
___CPPdebugHook
___dll_argc
___dll_argv

Sections

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f4fef92fb76b9a8630df2f386283659e

Headers

File Characteristics

Imports

borlndmm

vcl40.bpl

kernel32

cp3245mt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 68KB - Virtual size: 68KB

.text
Size: 4KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 68KB - Virtual size: 68KB