Overview

overview

7

Static

static

3

2f82a626e1...18.exe

windows7-x64

7

2f82a626e1...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ch.dll

windows7-x64

1

$PLUGINSDI...ch.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$_64_/$R2.dll

windows7-x64

3

$_64_/$R2.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f82a626e189e3ee203c23954586cba9_JaffaCakes118

  • Size

    28.8MB

  • MD5

    2f82a626e189e3ee203c23954586cba9

  • SHA1

    e8e42be1a2d64cfc02f1890547c0ca1595c59764

  • SHA256

    c789f3686074617e1c909dfa6f93f472e494833c254a2eadb5ba948096412ce7

  • SHA512

    3ec51ff75869c772431499d989ff7dd34cc70b9d1f56e41f5ca2d8be33ab0a2e5d3a536cb78e59f272977084a2a3a4f411a8b4bf0c2fd59c05d010b681748eb8

  • SSDEEP

    786432:0gzzJZO1TCJVJwpHPeYJzYcUdMKgIr7ldmCExS5vzE:PpZETCpKHmYVGdMKgIrholU5vg

Score
3/10

Malware Config

Signatures

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 2f82a626e189e3ee203c23954586cba9_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/antivirus.dat
  • $PLUGINSDIR/kasearch.dll
    .dll windows:4 windows x86 arch:x86

    a3c3e800b1b6dfa985451a3626d12fa9


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/setuphelper.dll
    .dll windows:4 windows x86 arch:x86

    fa65e87b656651aab21257e4a001fba8


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_64_/$R2
    .dll windows:4 windows x86 arch:x86

    a3c3e800b1b6dfa985451a3626d12fa9


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_64_/lang/chs/antivirus.dat
  • $_64_/ressrc/chs/antivirus.dat