General

  • Target

    41b93173a8b5583daaf090438fb05004_JaffaCakes118

  • Size

    538KB

  • MD5

    41b93173a8b5583daaf090438fb05004

  • SHA1

    a0db1a8f024e95fbc5c4c4930a4f6f905bbcab24

  • SHA256

    b87cfba8a4f2329b0b372326a7f169f5896459a6bdae0ad8857b576129722204

  • SHA512

    a770ed85694301daa0b8f9c46dbc25207411b888d6d1a358a816590f0c3bbfad05bd438545554e6c3ce391be6b640acbf69819f38aab0dd235caf2d17962be57

  • SSDEEP

    12288:kNi7Ynlwt1fL+RcGNh25nxXLZmW2PjlyjkvGha:kNk+lwrEcEc5nRLZj2PjlyTa

Score
3/10

Malware Config

Signatures

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • 41b93173a8b5583daaf090438fb05004_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    1f23f452093b5c1ff091a2f9fb4fa3e9

  • $APPDATA/9.opends60.dll
  • $APPDATA/Tag/lcrecundo.png
    .png
  • $APPDATA/Tag/odcunlock03.gif
    .gif
  • $APPDATA/app.jsl
  • $APPDATA/chinese.svg
    .xml
  • $APPDATA/matrixkeypad.ko
    .elf linux x64
  • $APPDATA/org.gnome.Terminal.Nautilus.metainfo.xml
    .xml
  • $APPDATA/regsvcs.exe
    .xml
  • $APPDATA/season/INDEXTYPE/emailAddress/directory/48.opends60.dll
  • $APPDATA/season/INDEXTYPE/emailAddress/directory/GridView0804fig01.gif
    .gif
  • $APPDATA/season/INDEXTYPE/emailAddress/directory/IEExecRemote.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • $APPDATA/season/INDEXTYPE/emailAddress/directory/ccissdefs.h
  • $APPDATA/season/INDEXTYPE/emailAddress/directory/intfhelper.h
  • $APPDATA/season/INDEXTYPE/emailAddress/directory/media-optical-cd-audio-symbolic.svg
    .xml
  • $APPDATA/season/INDEXTYPE/emailAddress/directory/save-resume.page
    .xml
  • $APPDATA/season/INDEXTYPE/emailAddress/directory/x-fluid.xml
    .xml
  • $APPDATA/streamreader.cs
  • $APPDATA/tel/headline/hostid/customizeToolbar.css
  • $APPDATA/tel/headline/hostid/ultrachrome.xml
    .xml
  • $APPDATA/tel/headline/hostid/x-psf.xml
    .xml
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    e1c0bd3d5b9f3f5cec7ea773ff66ac6e

  • $TEMP/Psychobabble
  • $TEMP/aspnetwp.exe
    .exe windows:5 windows x86 arch:x86

    f8f9782601130b9a734b4e856933dbe9

  • $TEMP/planula.dll
    .dll windows:4 windows x86 arch:x86

    d730175313878a571ffa218882f729a4

  • $TEMP/scsql9FileList.HxF
    .xml