General

  • Target

    62f2e034aa235b69584d837c0f7544d3_JaffaCakes118

  • Size

    263KB

  • MD5

    62f2e034aa235b69584d837c0f7544d3

  • SHA1

    332d521835d01c12bbc4ca88529e07cdf830d2ab

  • SHA256

    6bc73333bf9ae12bdcedccc1ecd28acfc70f2b17d95c55d67e87100ee6040572

  • SHA512

    8c44b48c0f3e2a5d758764c6996f5cf50c01ed46c77c30289a0b684f0eb63d76f06b45797232f88619018e634d2dc23435d6201384ea121d159bb569fd22fdf4

  • SSDEEP

    6144:m7eTpOgBmLTVQkGEgh61eFk95eW8o/GzHhr4k2XrZxUVtQP9p:QmdBUThA6pvNA/27ZxUVtQVp

Score
3/10

Malware Config

Signatures

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 62f2e034aa235b69584d837c0f7544d3_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    3abe302b6d9a1256e6a915429af4ffd2



  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    8c8a576201f68de1a3f26fc723b9f30f



  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    cce05dea98cbac3a9d486b233588f528



  • $TEMP/Surtax
  • $TEMP/change/.interp
  • $TEMP/change/aspnetstate.exe
    .exe windows:5 windows x86 arch:x86

    a9c1095e6ea682d47e520e2fbf4d99c5


    Code Sign


  • $TEMP/change/dmaccsubtree.gif
    .gif
  • $TEMP/paratrooper.dll
    .dll windows:4 windows x86 arch:x86

    7edc1942a6ca0b99fefcfb3a116eeb07

