6385b9a325c9632abd8fe0fbc49897c5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6385b9a325c9632abd8fe0fbc49897c5_JaffaCakes118
Size

297KB
MD5

6385b9a325c9632abd8fe0fbc49897c5
SHA1

ee86135b5058a9456b78075833f9a6cbb2be4b6d
SHA256

3523f8b2107c473b709c9f57b45216128d81a1cf579361c4d11dd614d0f38187
SHA512

d311cff2b58d27a15cc878557de522916703f80d4e362eabb8f3130083081a3a56801863d47a4571f861e70a0a8c751d53a131536e8f4f5113a3c353819c7f48
SSDEEP

6144:/axEWRZAbvLVakh0fC+l7jbCXW/MDUtwSwzifKgojUrnwa+vw:34kBakuTRGbQeSwzibKQwI

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.comdel630543535672455/DDKFileUpload/DDKFileUpload.dll
unpack001/cvery.comdel630543535672455/Project1.exe

Files

6385b9a325c9632abd8fe0fbc49897c5_JaffaCakes118
.rar
cvery.comdel630543535672455/DDKFileUpload/DDKFileUpload.cfg
cvery.comdel630543535672455/DDKFileUpload/DDKFileUpload.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comdel630543535672455/DDKFileUpload/DDKFileUpload.dof
cvery.comdel630543535672455/DDKFileUpload/DDKFileUpload.dpr
cvery.comdel630543535672455/DDKFileUpload/DDKFileUpload.res
cvery.comdel630543535672455/DDKFileUpload/DDKFileUpload.tlb
cvery.comdel630543535672455/DDKFileUpload/DDKFileUpload_TLB.pas
cvery.comdel630543535672455/DDKFileUpload/FileUpload.asp
.html .vbs polyglot
cvery.comdel630543535672455/DDKFileUpload/delall.bat
cvery.comdel630543535672455/DDKFileUpload/reg_upload.asp
cvery.comdel630543535672455/DDKFileUpload/untFileUpload.pas
cvery.comdel630543535672455/DDKFileUpload/untFunctions.pas
cvery.comdel630543535672455/DDKFileUpload/up.asp
.vbs
cvery.comdel630543535672455/Project1.cfg
cvery.comdel630543535672455/Project1.dof
cvery.comdel630543535672455/Project1.dpr
cvery.comdel630543535672455/Project1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comdel630543535672455/Project1.res
cvery.comdel630543535672455/Unit1.dfm
cvery.comdel630543535672455/Unit1.pas
cvery.comdel630543535672455/delall.bat
cvery.comdel630543535672455/namelist.xml
.xml
cvery.comdel630543535672455/untDDkFileUpThread.pas
cvery.comdel630543535672455/untDataTransmit.pas
cvery.comdel630543535672455/untGlobaFun.pas
cvery.comdel630543535672455/untHttpConnection.pas
cvery.comdel630543535672455/untHttpDownload.pas
cvery.comdel630543535672455/untHttpHeaderObj.pas
cvery.comdel630543535672455/untHttpObj.pas
.js
cvery.comdel630543535672455/untHttpSocket.pas
cvery.comdel630543535672455/untUploadFile.pas
.js
cvery.comdel630543535672455/下载说明.htm
.html .js polyglot
cvery.comdel630543535672455/阅读器下载.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 339KB - Virtual size: 338KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 170B

.reloc Size: 24KB - Virtual size: 23KB

.rsrc Size: 24KB - Virtual size: 24KB

Headers

File Characteristics

Sections

CODE Size: 439KB - Virtual size: 438KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 34KB - Virtual size: 34KB

.rsrc Size: 29KB - Virtual size: 29KB

CODE
Size: 339KB - Virtual size: 338KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 170B

.reloc
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 24KB - Virtual size: 24KB

CODE
Size: 439KB - Virtual size: 438KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 29KB - Virtual size: 29KB