General

  • Target

    2b143324db838413a7f5785560bcc59b_JaffaCakes118

  • Size

    11.7MB

  • MD5

    2b143324db838413a7f5785560bcc59b

  • SHA1

    70ec7d945279889f8e74757e9dd65a6caf05f73f

  • SHA256

    ebef51116bdc2c8679fe8c068e9bf20b54f9b5aacf94ecfadc228ae79358143c

  • SHA512

    f5f63dc1ae039f0a73579358fdc4b537f6146223c3ac5aa040bea2d0c30c6327e31fcf9f6de9a046128ddc13dcc4e008c9c8c928a4899d408ff91d27303f12a0

  • SSDEEP

    196608:/BzWDrlluS33ccXyysPDpLEMCSgdzQA/WySPHnlN0QvxS/j6fx8SDeBZNC4u5+xJ:5zArRnLob61SgRQRySHnlGQory3UbCh8

Score
3/10

Signatures

  • Unsigned PE (8 IoCs)

    Checks for missing Authenticode signature.

Files

  • 2b143324db838413a7f5785560bcc59b_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    d4b94e8ee3f620a89d114b9da4b31873


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/ButtonEvent.dll
    .dll windows:5 windows x86 arch:x86

    263996cb556218d0b46aad0aa85ab301


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ExecDos.dll
    .dll windows:5 windows x86 arch:x86

    138a8451e888111aeb1a118eb1f54604


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    e1c0bd3d5b9f3f5cec7ea773ff66ac6e


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    e2ee55bddad4241d619d6a8a38e2d869


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsProcess.dll
    .dll windows:5 windows x86 arch:x86

    cec059c05e7d2583b129b16b51d1c4af


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsisos.dll
    .dll windows:5 windows x86 arch:x86

    2416aa23e84af1f4c1e57a41f407bc3b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/psdll.dll
    .dll windows:5 windows x86 arch:x86

    f2a810184846e30131cbbd7e7652ada1


    Headers

    Imports

    Exports

    Sections

  • $TEMP/Hotspot Shield/html/HSSSlideShow.html
    .html .js polyglot
  • $TEMP/Hotspot Shield/html/HSSSlideShowStep1.html
    .html
  • $TEMP/Hotspot Shield/html/HSSSlideShowStep2.html
    .html
  • $TEMP/Hotspot Shield/html/HSSSlideShowStep3.html
    .html
  • $TEMP/Hotspot Shield/html/HSSSlideShowStep4.html
    .html
  • $TEMP/Hotspot Shield/html/HssFinishPage.html
  • $TEMP/Hotspot Shield/html/HssWelcomePage.html
  • $TEMP/Hotspot Shield/html/img/HSSLogo.png
    .png
  • $TEMP/Hotspot Shield/html/img/logo_grey.bmp
  • $TEMP/Hotspot Shield/html/lang/Arabic.js
    .js
  • $TEMP/Hotspot Shield/html/lang/English.js
    .js
  • $TEMP/Hotspot Shield/html/lang/French.js
    .js
  • $TEMP/Hotspot Shield/html/lang/German.js
    .js
  • $TEMP/Hotspot Shield/html/lang/Indonesian.js
    .js
  • $TEMP/Hotspot Shield/html/lang/Internationalization.js
    .js
  • $TEMP/Hotspot Shield/html/lang/Japanese.js
    .js
  • $TEMP/Hotspot Shield/html/lang/Korean.js
    .js
  • $TEMP/Hotspot Shield/html/lang/Portuguese.js
    .js
  • $TEMP/Hotspot Shield/html/lang/Russian.js
    .js
  • $TEMP/Hotspot Shield/html/lang/Spanish.js
    .js
  • $TEMP/Hotspot Shield/html/lang/Turkish.js
    .js
  • $TEMP/Hotspot Shield/html/scripts/HssFinishPage.js
    .js
  • $TEMP/Hotspot Shield/html/scripts/HssWelcomePage.js
    .js
  • $TEMP/Hotspot Shield/html/scripts/Toolbars.js
    .js
  • $TEMP/Hotspot Shield/html/scripts/UnCloseBrowsers.js
    .js
  • $TEMP/Hotspot Shield/html/scripts/UnUninstallFiles.js
  • $TEMP/Hotspot Shield/html/scripts/common.js
    .js
  • $TEMP/Hotspot Shield/html/scripts/nsidefs.js
    .js
  • $TEMP/Hotspot Shield/html/slider/img/bg.jpg
    .jpg
  • $TEMP/Hotspot Shield/html/slider/img/s.png
    .png
  • $TEMP/Hotspot Shield/html/slider/img/s1.png
    .png
  • $TEMP/Hotspot Shield/html/slider/img/s2.png
    .png
  • $TEMP/Hotspot Shield/html/slider/img/s3.png
    .png
  • $TEMP/Hotspot Shield/html/slider/img/s4.png
    .png
  • $TEMP/Hotspot Shield/html/slider/img/s_icons.png
    .png
  • $TEMP/Hotspot Shield/html/slider/index.html
    .js
  • $TEMP/Hotspot Shield/html/styles/HssFinishPage.css
  • $TEMP/Hotspot Shield/html/styles/HssWelcomePage.css
  • $TEMP/Hotspot Shield/html/styles/styles.css
  • $TEMP/HssInstaller.exe
    .exe windows:5 windows x86 arch:x86

    63ccea0d34f4e0989aec100f0ae91368


    Code Sign

    Headers

    Imports

    Sections

  • bin/HssInstaller.exe
    .exe windows:5 windows x86 arch:x86

    63ccea0d34f4e0989aec100f0ae91368


    Code Sign

    Headers

    Imports

    Sections

  • bin/api-ms-win-core-console-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-datetime-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-debug-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-errorhandling-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-file-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-file-l1-2-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-file-l2-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-handle-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-heap-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-interlocked-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-libraryloader-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-localization-l1-2-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-memory-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-namedpipe-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-processenvironment-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-processthreads-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-processthreads-l1-1-1.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-profile-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-rtlsupport-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-string-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-synch-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-synch-l1-2-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-sysinfo-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-timezone-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-core-util-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-conio-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-convert-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-environment-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-filesystem-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-heap-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-locale-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-math-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-multibyte-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-private-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-process-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-runtime-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-stdio-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-string-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-time-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/api-ms-win-crt-utility-l1-1-0.dll
    .dll windows:10 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • bin/concrt140.dll
    .dll windows:6 windows x86 arch:x86

    a8b026107d3b72f3a87bdc151f131871


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • bin/msvcp140.dll
    .dll windows:6 windows x86 arch:x86

    d08c045be2ea6995d958e5ccb3fd3771


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • bin/ucrtbase.dll
    .dll windows:10 windows x86 arch:x86

    7a86ba02a97907fb532ad47d5e59b822


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • bin/vccorlib140.dll
    .dll windows:6 windows x86 arch:x86

    7d37c0fa21157949b1107cc90660c46d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • bin/vcruntime140.dll
    .dll windows:6 windows x86 arch:x86

    e44143d5ae0c7f7d377cee38e4466c05


    Code Sign

    Headers

    Imports

    Exports

    Sections