General

  • Target

    fd78c074189fd22ed6be26746a042784_JaffaCakes118

  • Size

    1.3MB

  • MD5

    fd78c074189fd22ed6be26746a042784

  • SHA1

    178ec2519078d99f29569676e4a4fdf1fe96e3e8

  • SHA256

    7cb5ea5616e46e0e3694737c203906298131b02a871e00838acff5973366cd48

  • SHA512

    75da2e059e71d24de2d0cda7eb51939e3c1dc2c70c9d201e719557cfa78a877e1dc15e738e8f6e53dd96781ffbafbaef63d8b678fa51076b483b2fb42a073944

  • SSDEEP

    24576:6g7bnljbAzP/NeAeClRpgSddqZul7b3A0784a4PKiBYxAanswRM+bik:6g/nljbs/NeAeClzBqWbZDa4PDBSLT3

Score
3/10

Malware Config

Signatures

  • Unsigned PE 18 IoCs

    Checks for missing Authenticode signature.

Files

  • fd78c074189fd22ed6be26746a042784_JaffaCakes118
    .rar
  • hscan1.2/PipeCmd.exe
    .exe windows:4 windows x86 arch:x86

    16128d6b32aaef62be90549abfbee5dd



  • hscan1.2/Readme.txt
  • hscan1.2/conf/common.cgi
  • hscan1.2/conf/ftp_pass.dic
  • hscan1.2/conf/ftp_user.dic
  • hscan1.2/conf/imap_pass.dic
  • hscan1.2/conf/imap_user.dic
  • hscan1.2/conf/ipc_pass.dic
  • hscan1.2/conf/ipc_user.dic
  • hscan1.2/conf/mssql_pass.dic
  • hscan1.2/conf/mssql_user.dic
  • hscan1.2/conf/mysql_pass.dic
  • hscan1.2/conf/mysql_user.dic
  • hscan1.2/conf/nt.cgi
  • hscan1.2/conf/pop_pass.dic
  • hscan1.2/conf/pop_user.dic
  • hscan1.2/conf/rpc.lst
  • hscan1.2/conf/telnet_pass.dic
  • hscan1.2/conf/telnet_user.dic
  • hscan1.2/conf/unix.cgi
  • hscan1.2/heibai.net.htm
    .html
  • hscan1.2/hscan.exe
    .exe windows:4 windows x86 arch:x86

    a12d43068bb05af9291d3267c70d338d



  • hscan1.2/hscan1.2.zip
    .zip
  • PipeCmd.exe
    .exe windows:4 windows x86 arch:x86

    16128d6b32aaef62be90549abfbee5dd



  • Readme.txt
  • ReadmeNow.txt
  • conf/common.cgi
  • conf/ftp_pass.dic
  • conf/ftp_user.dic
  • conf/imap_pass.dic
  • conf/imap_user.dic
  • conf/ipc_pass.dic
  • conf/ipc_user.dic
  • conf/mssql_pass.dic
  • conf/mssql_user.dic
  • conf/mysql_pass.dic
  • conf/mysql_user.dic
  • conf/nt.cgi
  • conf/pop_pass.dic
  • conf/pop_user.dic
  • conf/rpc.lst
  • conf/telnet_pass.dic
  • conf/telnet_user.dic
  • conf/unix.cgi
  • heibai.net.htm
    .html
  • hscan.exe
    .exe windows:4 windows x86 arch:x86

    a12d43068bb05af9291d3267c70d338d



  • hscanconf.ini
  • hscangui.exe
    .exe windows:4 windows x86 arch:x86

    9888023affc8c2ea341a5eaa340aa329



  • libmySQL.dll
    .dll windows:4 windows x86 arch:x86

    006c49710d9884ca7c15f8d95eeb51d4



  • oncrpc.dll
    .dll windows:1 windows x86 arch:x86

    2125b46849b9f195b9b037623de522f2



  • plugin/fpe2k.hsp
  • plugin/luenum.hsp
  • plugin/qpop.hsp
  • plugin/sunftp.hsp
  • tools/NTCmd.exe
    .exe windows:4 windows x86 arch:x86

    73767e539e9720aff83d4da1db391803



  • tools/Sqlcmd.exe
    .exe windows:4 windows x86 arch:x86

    794cb112594371ed14da81bc0592ca2a



  • tools/cygwinb19.dll
    .dll windows:4 windows x86 arch:x86

    0f068abeaa3b9ee1380205dbc1e98308



  • tools/mysql.exe
    .exe windows:4 windows x86 arch:x86

    eebae69bbcdbf0cf9d738e09705f99ee



  • hscan1.2/hscanconf.ini
  • hscan1.2/hscangui.exe
    .exe windows:4 windows x86 arch:x86

    9888023affc8c2ea341a5eaa340aa329



  • hscan1.2/libmySQL.dll
    .dll windows:4 windows x86 arch:x86

    006c49710d9884ca7c15f8d95eeb51d4



  • hscan1.2/log/Hscan.log
  • hscan1.2/oncrpc.dll
    .dll windows:1 windows x86 arch:x86

    2125b46849b9f195b9b037623de522f2



  • hscan1.2/plugin/fpe2k.hsp
  • hscan1.2/plugin/luenum.hsp
  • hscan1.2/plugin/qpop.hsp
  • hscan1.2/plugin/sunftp.hsp
  • hscan1.2/report/192.168.0.154-192.168.0.154.html
    .html
  • hscan1.2/tools/NTCmd.exe
    .exe windows:4 windows x86 arch:x86

    73767e539e9720aff83d4da1db391803



  • hscan1.2/tools/Sqlcmd.exe
    .exe windows:4 windows x86 arch:x86

    794cb112594371ed14da81bc0592ca2a



  • hscan1.2/tools/cygwinb19.dll
    .dll windows:4 windows x86 arch:x86

    0f068abeaa3b9ee1380205dbc1e98308



  • hscan1.2/tools/mysql.exe
    .exe windows:4 windows x86 arch:x86

    eebae69bbcdbf0cf9d738e09705f99ee

