5f3518ecba704aa47ee173decbb97c7d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f3518ecba704aa47ee173decbb97c7d_JaffaCakes118
Size

846KB
MD5

5f3518ecba704aa47ee173decbb97c7d
SHA1

8a04028d9f5ec9460dbc498afcf3dd7e3b0c4479
SHA256

27d7c7975a82969fc43ba84045ed0b3b16ee629c15a2822892e28537799a9d14
SHA512

e5bf8a93aa49fe442053197cf7b93e22179de7a959b5b9174f6ca011a9027648226fb9eefe6aaa330493d7ae5441be38d3626ab13a47ebd438b52f8ac23fb322
SSDEEP

24576:1JjpsZGJvfDJ7heM8q5mRuo2NM2SjcBSFjYYz1:1JdsGNe7EIuFNKcBSFM6

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.comdel135613445/千年外挂/sassy.exe
unpack001/cvery.comdel135613445/千年外挂/xiaotutu.dll

Files

5f3518ecba704aa47ee173decbb97c7d_JaffaCakes118
.rar
cvery.comdel135613445/下载说明.htm
.html .js polyglot
cvery.comdel135613445/千年地图/Unit1.dcu
cvery.comdel135613445/千年地图/Unit1.dfm
cvery.comdel135613445/千年地图/Unit1.pas
cvery.comdel135613445/千年地图/Unit1.~dfm
cvery.comdel135613445/千年地图/Unit1.~pas
cvery.comdel135613445/千年地图/WinHex.lnk
.lnk
cvery.comdel135613445/千年地图/map.cfg
cvery.comdel135613445/千年地图/map.dof
cvery.comdel135613445/千年地图/map.dpr
cvery.comdel135613445/千年地图/map.res
cvery.comdel135613445/千年地图/map/1PS.MAP
cvery.comdel135613445/千年地图/map/1TRAIN.MAP
cvery.comdel135613445/千年地图/新建文本文档.txt
cvery.comdel135613445/千年地图信息测试/Unit1.dcu
cvery.comdel135613445/千年地图信息测试/Unit1.dfm
cvery.comdel135613445/千年地图信息测试/Unit1.pas
cvery.comdel135613445/千年地图信息测试/Unit1.~dfm
cvery.comdel135613445/千年地图信息测试/Unit1.~pas
cvery.comdel135613445/千年地图信息测试/WinHex.lnk
.lnk
cvery.comdel135613445/千年地图信息测试/map.cfg
cvery.comdel135613445/千年地图信息测试/map.dof
cvery.comdel135613445/千年地图信息测试/map.dpr
cvery.comdel135613445/千年地图信息测试/map.res
cvery.comdel135613445/千年地图信息测试/map/1PS.MAP
cvery.comdel135613445/千年地图信息测试/map/1TRAIN.MAP
cvery.comdel135613445/千年外挂/Gamecode.dcu
cvery.comdel135613445/千年外挂/Gamecode.pas
cvery.comdel135613445/千年外挂/PackStruct.dcu
cvery.comdel135613445/千年外挂/PackStruct.pas
cvery.comdel135613445/千年外挂/PackStruct.~pas
cvery.comdel135613445/千年外挂/Unit1.dcu
cvery.comdel135613445/千年外挂/Unit1.dfm
cvery.comdel135613445/千年外挂/Unit1.pas
cvery.comdel135613445/千年外挂/Unit1.~dfm
cvery.comdel135613445/千年外挂/Unit1.~pas
cvery.comdel135613445/千年外挂/WinSock2.dcu
cvery.comdel135613445/千年外挂/WinSock2.pas
.js
cvery.comdel135613445/千年外挂/datamanage.dcu
cvery.comdel135613445/千年外挂/datamanage.pas
cvery.comdel135613445/千年外挂/datamanage.~pas
cvery.comdel135613445/千年外挂/dllform.dcu
cvery.comdel135613445/千年外挂/dllform.dfm
cvery.comdel135613445/千年外挂/dllform.pas
cvery.comdel135613445/千年外挂/dllform.~dfm
cvery.comdel135613445/千年外挂/dllform.~pas
cvery.comdel135613445/千年外挂/dog.ico
cvery.comdel135613445/千年外挂/gamepacket.dcu
cvery.comdel135613445/千年外挂/gamepacket.pas
cvery.comdel135613445/千年外挂/gamepacket.~pas
cvery.comdel135613445/千年外挂/hook.dcu
cvery.comdel135613445/千年外挂/hook.pas
cvery.comdel135613445/千年外挂/hook.~pas
cvery.comdel135613445/千年外挂/meimei.bmp
cvery.comdel135613445/千年外挂/meimei.jpg
.jpg
cvery.comdel135613445/千年外挂/sassy.cfg
cvery.comdel135613445/千年外挂/sassy.dof
cvery.comdel135613445/千年外挂/sassy.dpr
cvery.comdel135613445/千年外挂/sassy.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comdel135613445/千年外挂/sassy.res
cvery.comdel135613445/千年外挂/sendmypack.dcu
cvery.comdel135613445/千年外挂/sendmypack.pas
cvery.comdel135613445/千年外挂/sendmypack.~pas
cvery.comdel135613445/千年外挂/winsock2/WinSock2.pas
.js
cvery.comdel135613445/千年外挂/winsock2/svcguid.pas
cvery.comdel135613445/千年外挂/winsock2/ws2tcpip.inc
cvery.comdel135613445/千年外挂/winsock2/wsipx.inc
cvery.comdel135613445/千年外挂/winsock2/wsnetbs.inc
cvery.comdel135613445/千年外挂/winsock2/wsnwlink.inc
cvery.comdel135613445/千年外挂/ws2tcpip.inc
cvery.comdel135613445/千年外挂/wsipx.inc
cvery.comdel135613445/千年外挂/wsnetbs.inc
cvery.comdel135613445/千年外挂/wsnwlink.inc
cvery.comdel135613445/千年外挂/xiaotutu.cfg
cvery.comdel135613445/千年外挂/xiaotutu.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

endhook
sethook

Sections

CODE
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comdel135613445/千年外挂/xiaotutu.dof
cvery.comdel135613445/千年外挂/xiaotutu.dpr
cvery.comdel135613445/千年外挂/xiaotutu.res
cvery.comdel135613445/千年外挂/xiaotutu.~dpr
cvery.comdel135613445/千年外挂/千年.lnk
.lnk
cvery.comdel135613445/千年封包加密解密/Ollydbg.lnk
.lnk
cvery.comdel135613445/千年封包加密解密/Project1.cfg
cvery.comdel135613445/千年封包加密解密/Project1.dof
cvery.comdel135613445/千年封包加密解密/Project1.dpr
cvery.comdel135613445/千年封包加密解密/Project1.res
cvery.comdel135613445/千年封包加密解密/Unit1.dcu
cvery.comdel135613445/千年封包加密解密/Unit1.dfm
cvery.comdel135613445/千年封包加密解密/Unit1.pas
cvery.comdel135613445/千年封包加密解密/Unit1.~dfm
cvery.comdel135613445/千年封包加密解密/Unit1.~pas
cvery.comdel135613445/千年封包加密解密/sdfsdf.txt
cvery.comdel135613445/千年封包加密解密/传奇.txt
cvery.comdel135613445/千年封包加密解密/传奇修改delphi.txt
cvery.comdel135613445/千年封包加密解密/传奇的封包加密原码.txt
cvery.comdel135613445/千年封包加密解密/决战加密解密.txt
cvery.comdel135613445/千年封包加密解密/千年加密解密.txt
cvery.comdel135613445/千年封包加密解密/天堂2加密解密代码.txt
cvery.comdel135613445/千年封包加密解密/神迹加密解密.txt
cvery.comdel135613445/千年消息格式/加速封包替换.txt
cvery.comdel135613445/千年消息格式/千年发送消息.txt
cvery.comdel135613445/千年消息格式/千年接收消息.txt
cvery.comdel135613445/封包截取/Gamecode.dcu
cvery.comdel135613445/封包截取/Gamecode.pas
cvery.comdel135613445/封包截取/Gamecode.~pas
cvery.comdel135613445/封包截取/Unit1.dcu
cvery.comdel135613445/封包截取/Unit1.dfm
cvery.comdel135613445/封包截取/Unit1.pas
cvery.comdel135613445/封包截取/Unit1.~dfm
cvery.comdel135613445/封包截取/Unit1.~pas
cvery.comdel135613445/封包截取/WinSock2.dcu
cvery.comdel135613445/封包截取/WinSock2.pas
.js
cvery.comdel135613445/封包截取/WorkThread.dcu
cvery.comdel135613445/封包截取/WorkThread.pas
cvery.comdel135613445/封包截取/WorkThread.~pas
cvery.comdel135613445/封包截取/dllform.dcu
cvery.comdel135613445/封包截取/dllform.dfm
cvery.comdel135613445/封包截取/dllform.pas
cvery.comdel135613445/封包截取/dllform.~dfm
cvery.comdel135613445/封包截取/dllform.~pas
cvery.comdel135613445/封包截取/gamepacket.dcu
cvery.comdel135613445/封包截取/gamepacket.pas
cvery.comdel135613445/封包截取/gamepacket.~pas
cvery.comdel135613445/封包截取/hook.dcu
cvery.comdel135613445/封包截取/hook.pas
cvery.comdel135613445/封包截取/hook.~pas
cvery.comdel135613445/封包截取/meimei.bmp
cvery.comdel135613445/封包截取/meimei.jpg
.jpg
cvery.comdel135613445/封包截取/sassy.dpr
cvery.comdel135613445/封包截取/sassy.res
cvery.comdel135613445/封包截取/sdfasdfsd.dcu
cvery.comdel135613445/封包截取/sdfasdfsd.~dfm
cvery.comdel135613445/封包截取/sdfasdfsd.~pas
cvery.comdel135613445/封包截取/winsock2/WinSock2.pas
.js
cvery.comdel135613445/封包截取/winsock2/svcguid.pas
cvery.comdel135613445/封包截取/winsock2/ws2tcpip.inc
cvery.comdel135613445/封包截取/winsock2/wsipx.inc
cvery.comdel135613445/封包截取/winsock2/wsnetbs.inc
cvery.comdel135613445/封包截取/winsock2/wsnwlink.inc
cvery.comdel135613445/封包截取/ws2tcpip.inc
cvery.comdel135613445/封包截取/wsipx.inc
cvery.comdel135613445/封包截取/wsnetbs.inc
cvery.comdel135613445/封包截取/wsnwlink.inc
cvery.comdel135613445/封包截取/xiaotutu.cfg
cvery.comdel135613445/封包截取/xiaotutu.dof
cvery.comdel135613445/封包截取/xiaotutu.dpr
cvery.comdel135613445/封包截取/xiaotutu.res
cvery.comdel135613445/封包截取/xiaotutu.~dpr
cvery.comdel135613445/封包截取/千年.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 392KB - Virtual size: 392KB

DATA Size: 6KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 22KB - Virtual size: 22KB

.rsrc Size: 262KB - Virtual size: 262KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 397KB - Virtual size: 396KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 89B

.reloc Size: 27KB - Virtual size: 26KB

.rsrc Size: 23KB - Virtual size: 23KB

CODE
Size: 392KB - Virtual size: 392KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 262KB - Virtual size: 262KB

CODE
Size: 397KB - Virtual size: 396KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 89B

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 23KB - Virtual size: 23KB