891a9ef38c3797578b916a0b6c46356c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

891a9ef38c3797578b916a0b6c46356c_JaffaCakes118
Size

40KB
MD5

891a9ef38c3797578b916a0b6c46356c
SHA1

b66e137ab9c348c068ffaa2c18460ee604380a3c
SHA256

74cd8732f8c8f24b8463c820a7183ee6de51fd95fdc72d49e997b17a01cd8f8b
SHA512

382a5a3b9090501c8d59415f88112de1e8555f6c3de796e0d6be3c49098289039292b4804f5701ccd1e513e401d95d3f3e52082805f4a09fe518e620f209232c
SSDEEP

384:kBmZfK7s3bhxwy3Dbn2cXRlY3STqJIMm0P1vHM+GAob+105HBvLf/lRh569v334:uMLhxlVRlY3SWJIH0P1P70ZJ769/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
891a9ef38c3797578b916a0b6c46356c_JaffaCakes118

Files

891a9ef38c3797578b916a0b6c46356c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6969692e1b0f720691692be88cf05594

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rtl120.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@UnregisterModule$qqrp17System@TLibModule
@System@RegisterModule$qqrp17System@TLibModule
@System@FindHInstance$qqrpv
@System@UniqueString$qqrr27System@%AnsiStringT$us$i0$%
@System@@HandleFinally$qqrv
@System@TObject@Dispatch$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@$bdtr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@SetRaiseList$qqrpv
@System@RaiseList$qqrv
@System@IsMemoryManagerSet$qqrv
@System@SetMemoryManager$qqrrx23System@TMemoryManagerEx
@System@IsMultiThread
@System@IsConsole
@System@ExitProc
@System@CmdLine
@System@IsLibrary
@System@MainInstance
@System@ExceptionAcquired
@System@RaiseExceptObjProc
@System@ExceptObjProc
@Sysconst@initialization$qqrv
@Sysconst@Finalization$qqrv
@Types@initialization$qqrv
@Types@Finalization$qqrv
@Rtlconsts@initialization$qqrv
@Rtlconsts@Finalization$qqrv
@Character@initialization$qqrv
@Character@Finalization$qqrv
@Math@initialization$qqrv
@Math@Finalization$qqrv
@Strutils@initialization$qqrv
@Strutils@Finalization$qqrv
@Imagehlp@initialization$qqrv
@Imagehlp@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@Exception@$bdtr$qqrv
@Sysutils@Exception@$bctr$qqrx20System@UnicodeString
@Sysutils@StrToInt$qqrx20System@UnicodeString
@Sysutils@Exception@
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Activex@initialization$qqrv
@Activex@Finalization$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Typinfo@DotSep
@Typinfo@BooleanIdents
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TComponent@UpdateRegistry$qqrox20System@UnicodeStringt2
@Classes@TComponent@SafeCallException$qqrp14System@TObjectpv
@Classes@TComponent@WriteState$qqrp15Classes@TWriter
@Classes@TComponent@$bdtr$qqrv
@Classes@TPersistent@Assign$qqrp19Classes@TPersistent
@Classes@TPersistent@$bdtr$qqrv
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Comconst@initialization$qqrv
@Comconst@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv
@Contnrs@initialization$qqrv
@Contnrs@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Maskutils@initialization$qqrv
@Maskutils@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Dwmapi@initialization$qqrv
@Dwmapi@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Mapi@initialization$qqrv
@Mapi@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Strhlpr@initialization$qqrv
@Strhlpr@Finalization$qqrv
@Strhlpr@UnicodeFree$qqrr20System@UnicodeString
@Strhlpr@UnicodeAssign$qqrr20System@UnicodeStringt1
@Strhlpr@UnicodeFromAnsi$qqrr20System@UnicodeStringr31System@%AnsiStringT$us$i65535$%
@Strhlpr@UnicodeFromPChar$qqrr20System@UnicodeStringpc
@Varhlpr@initialization$qqrv
@Varhlpr@Finalization$qqrv
@Widestrutils@initialization$qqrv
@Widestrutils@Finalization$qqrv
@Zlib@initialization$qqrv
@Zlib@Finalization$qqrv

vcl120.bpl

@Consts@initialization$qqrv
@Consts@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Stdctrls@initialization$qqrv
@Stdctrls@Finalization$qqrv
@Stdctrls@TButton@
@Stdctrls@TEdit@
@Stdctrls@TLabel@
@Toolwin@initialization$qqrv
@Toolwin@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Comstrs@initialization$qqrv
@Comstrs@Finalization$qqrv
@Buttons@initialization$qqrv
@Buttons@Finalization$qqrv
@Extdlgs@initialization$qqrv
@Extdlgs@Finalization$qqrv
@Extactns@initialization$qqrv
@Extactns@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Listactns@initialization$qqrv
@Listactns@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Stdactns@initialization$qqrv
@Stdactns@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Controls@TWinControl@UpdateControlOriginalParentSize$qqrp17Controls@TControlr12Types@TPoint
@Controls@TWinControl@DockReplaceDockClient$qqrp17Controls@TControlp20Controls@TWinControlt115Controls@TAlignt1
@Controls@TWinControl@SetParentBackground$qqro
@Controls@TWinControl@CanAutoSize$qqrrit1
@Controls@TWinControl@AssignTo$qqrp19Classes@TPersistent
@Controls@TWinControl@ConstrainedResize$qqrrit1t1t1
@Controls@TWinControl@CanResize$qqrrit1
@Controls@TWinControl@GetClientOrigin$qqrv
@Controls@TWinControl@GetControlExtents$qqrv
@Controls@TWinControl@Repaint$qqrv
@Controls@TWinControl@Update$qqrv
@Controls@TWinControl@Invalidate$qqrv
@Controls@TWinControl@GetDeviceContext$qqrrp6HWND__
@Controls@TWinControl@ShowControl$qqrp17Controls@TControl
@Controls@TWinControl@SetBounds$qqriiii
@Controls@TWinControl@SetParentDoubleBuffered$qqro
@Controls@TWinControl@CustomAlignPosition$qqrp17Controls@TControlrit2t2t2r11Types@TRectrx19Controls@TAlignInfo
@Controls@TWinControl@CustomAlignInsertBefore$qqrp17Controls@TControlt1
@Controls@TWinControl@CreateHandle$qqrv
@Controls@TWinControl@DestroyWnd$qqrv
@Controls@TWinControl@$bdtr$qqrv
@Controls@TControl@InitiateAction$qqrv
@Controls@TControl@GetFloatingDockSiteClass$qqrv
@Controls@TControl@Show$qqrv
@Controls@TControl@Hide$qqrv
@Controls@TControl@SetBiDiMode$qqr17Classes@TBiDiMode
@Controls@TControl@GetText$qqrv
@Controls@TControl@SetEnabled$qqro
@Controls@TControl@SetName$qqrx20System@UnicodeString
@Controls@TControl@SetAutoSize$qqro
@Controls@TControl@SetDragMode$qqr18Controls@TDragMode
@Controls@TControl@GetAction$qqrv
@Controls@TControl@GetEnabled$qqrv
@Controls@TControl@GetDragImages$qqrv
@Controls@TControl@$bdtr$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Imglist@initialization$qqrv
@Imglist@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Forms@TApplication@SetMainFormOnTaskBar$qqrxo
@Forms@TApplication@ShowException$qqrp18Sysutils@Exception
@Forms@TApplication@Run$qqrv
@Forms@TApplication@CreateForm$qqrp17System@TMetaClasspv
@Forms@TApplication@Initialize$qqrv
@Forms@TCustomForm@QueryInterface$qqsrx5_GUIDpv
@Forms@TCustomForm@RequestAlign$qqrv
@Forms@TCustomForm@UpdateActions$qqrv
@Forms@TCustomForm@ShowModal$qqrv
@Forms@TCustomForm@SetFocus$qqrv
@Forms@TCustomForm@CloseQuery$qqrv
@Forms@TCustomForm@Resizing$qqr18Forms@TWindowState
@Forms@TCustomForm@PaintWindow$qqrp5HDC__
@Forms@TCustomForm@SetFocusedControl$qqrp20Controls@TWinControl
@Forms@TCustomForm@DefaultHandler$qqrpv
@Forms@TCustomForm@DestroyWindowHandle$qqrv
@Forms@TCustomForm@DestroyHandle$qqrv
@Forms@TCustomForm@CreateWindowHandle$qqrrx22Controls@TCreateParams
@Forms@TCustomForm@CreateWnd$qqrv
@Forms@TCustomForm@CreateParams$qqrr22Controls@TCreateParams
@Forms@TCustomForm@AlignControls$qqrp17Controls@TControlr11Types@TRect
@Forms@TCustomForm@WndProc$qqrr17Messages@TMessage
@Forms@TCustomForm@ValidateRename$qqrp18Classes@TComponentx20System@UnicodeStringt2
@Forms@TCustomForm@SetParent$qqrp20Controls@TWinControl
@Forms@TCustomForm@WantChildKey$qqrp17Controls@TControlr17Messages@TMessage
@Forms@TCustomForm@SetParentBiDiMode$qqro
@Forms@TCustomForm@GetFloating$qqrv
@Forms@TCustomForm@GetClientRect$qqrv
@Forms@TCustomForm@DefineProperties$qqrp14Classes@TFiler
@Forms@TCustomForm@ReadState$qqrp15Classes@TReader
@Forms@TCustomForm@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Forms@TCustomForm@Loaded$qqrv
@Forms@TCustomForm@DoDestroy$qqrv
@Forms@TCustomForm@DoCreate$qqrv
@Forms@TCustomForm@$bdtr$qqrv
@Forms@TCustomForm@BeforeDestruction$qqrv
@Forms@TCustomForm@$bctr$qqrp18Classes@TComponenti
@Forms@TCustomForm@AfterConstruction$qqrv
@Forms@TCustomForm@$bctr$qqrp18Classes@TComponent
@Forms@TScrollingWinControl@AdjustClientRect$qqrr11Types@TRect
@Forms@TScrollingWinControl@AutoScrollInView$qqrp17Controls@TControl
@Forms@TScrollingWinControl@AutoScrollEnabled$qqrv
@Forms@TScrollingWinControl@$bdtr$qqrv
@Forms@Application
@$xp$11Forms@TForm
@Forms@TForm@
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Mask@initialization$qqrv
@Mask@Finalization$qqrv
@Grids@initialization$qqrv
@Grids@Finalization$qqrv
@Grids@TCustomGrid@SetRowCount$qqri
@Grids@TCustomGrid@SetColCount$qqri
@Grids@TStringGrid@

borlndmm

ord2

kernel32

FreeLibrary
GetCommandLineW
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree

cc3290mt

@$bdele$qpv
@_CatchCleanup$qv
@_InitTermAndUnexPtrs$qv
@_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1
@__GetTypeInfo$qpvt1t1
@__getExceptVarRec$qv
@setExceptionFuncAddr$qpqp17_EXCEPTION_RECORDpp4tpid$pvppqqrp17_EXCEPTION_RECORD$v
@setRaiseListFuncAddr$qpvt1
__ErrorExit
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
____ExceptionHandler
__argc
__argv
__argv_default_expand
__exitargv
__handle_exitargv
__handle_setargv
__handle_wexitargv
__handle_wsetargv
__setargv
__startup
__wargv_default_expand
_free
_malloc
_memcpy

Exports

Exports

@@Unit1@Finalize
@@Unit1@Initialize
_Form1
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6969692e1b0f720691692be88cf05594

Headers

File Characteristics

Imports

rtl120.bpl

vcl120.bpl

borlndmm

kernel32

cc3290mt

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 12KB

.data Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 14KB - Virtual size: 16KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 7KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 12KB

.data
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 14KB - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 4KB