Overview

overview

7

Static

static

3

2b7c6bbfad...18.exe

windows7-x64

7

2b7c6bbfad...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PROFILE/L...up.exe

windows7-x64

7

$PROFILE/L...up.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

AxInterop...._7.dll

windows7-x64

1

AxInterop...._7.dll

windows10-2004-x64

1

FreePDFReading.exe

windows7-x64

1

FreePDFReading.exe

windows10-2004-x64

1

Interop.SX..._7.dll

windows7-x64

1

Interop.SX..._7.dll

windows10-2004-x64

1

sx-pdf-lib.dll

windows7-x64

1

sx-pdf-lib.dll

windows10-2004-x64

1

sx-pdf-qv.dll

windows7-x64

1

sx-pdf-qv.dll

windows10-2004-x64

1

create_sc.exe

windows7-x64

4

create_sc.exe

windows10-2004-x64

4

Sharing

Copy URL Twitter E-mail

General

  • Target

    2b7c6bbfad35a4ce047177f546fab495_JaffaCakes118

  • Size

    2.7MB

  • MD5

    2b7c6bbfad35a4ce047177f546fab495

  • SHA1

    b243814aaa31f840bd19ca2a69d5eceff0922502

  • SHA256

    bda60043cb6b6026635aec88c36a5b8f4cf937d399b3d0a0179cfd3d10d99cb9

  • SHA512

    16ef216dfd470bd00a6c5e95afdd9d85435d28ee207be5e1962511e6a150d126713ba979dc59716d885a82ea037e2a8bb16c19a5f7125b66ba0369f9e4af36ca

  • SSDEEP

    49152:7+fKsps+HXsGpIv5NtxZHgRgmGYga/8QGMAUJXMpsmpSe0dE9izNuILMVg:7keW1Iv5NtxZAR8MsYMpste0dEgzNudO

Score
3/10

Malware Config

Signatures

  • Unsigned PE 11 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • 2b7c6bbfad35a4ce047177f546fab495_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsProcess.dll
    .dll windows:5 windows x86 arch:x86

    a49b0342971aa199fc6349725b90146d


    Headers

    Imports

    Exports

    Sections

  • $PROFILE/Local Settings/Temp/FreePDFReading/FreePDFReading/FreePDFReading_Setup.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:4 windows x86 arch:x86

    55a6a096df3564193c302728985d6bda


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsis7z.dll
    .dll windows:5 windows x86 arch:x86

    4c04c20a976733bf789fead96eb58701


    Headers

    Imports

    Exports

    Sections

  • FreePDFReading.7z
    .7z
  • AxInterop.SX_PDF_QV_7.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • FreePDFReading.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • Interop.SX_PDF_QV_7.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • license.txt
  • sx-pdf-lib.dll
    .dll windows:5 windows x86 arch:x86

    b27934f32bb5660769ef0f00d1f371cb


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • sx-pdf-lib.license
  • sx-pdf-qv.ocx
    .dll regsvr32 windows:5 windows x86 arch:x86

    d71207996c677f51fc69415ddea4c021


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • create_sc.exe
    .exe windows:5 windows x86 arch:x86

    32f3282581436269b3a75b6675fe3e08


    Headers

    Imports

    Sections

  • uninstall.exe.nsis
  • $PROFILE/Local Settings/Temp/FreePDFReading/PIPAskToolbar/Offercast391_ADAP_.exe
    .exe windows:5 windows x86 arch:x86

    240f3c8b5073e1eaae9777885f76451b


    Code Sign

    Headers

    Imports

    Sections