General

  • Target

    7086b71e012a95a8cacea869c0faa921_JaffaCakes118

  • Size

    17.2MB

  • MD5

    7086b71e012a95a8cacea869c0faa921

  • SHA1

    2359385afa3812dd681356d301762dd7a90d5749

  • SHA256

    68fc88238de071fbdc5f7e1c9771adec1bca2903752f148e6cdb7ea6e796a966

  • SHA512

    a2a2d0a01d51ccc0b86516c79b1552f06557dfda88f006746851d8bbea44cf908b981521bc2704e4f472da08e34c555d32bc75f0263ba9e24ed908ef83c1c045

  • SSDEEP

    393216:aU8E0Q81jC2OwDDyTHpslrduchoFs/TZ+LmJONTshFHo6r3ELG7O:aUcmrwWWlrkal+yiT25TdK

Score
10/10

Signatures

  • AmmyyAdmin payload 1 IoCs
  • Ammyyadmin family
  • Unsigned PE 17 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 7086b71e012a95a8cacea869c0faa921_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
    7fa974366048f9c551ef45714595665e
    Headers · Imports · Sections

  • $PLUGINSDIR/AdvSplash.dll
    .dll windows:4 windows x86 arch:x86
    741b6bafe355b63a372d737b30543a95
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    b1cd0d78f652ce5fc63f0879371af012
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86
    9b6b6a7858e17fb0b17e1c1428330343
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/splash.bmp
  • PBWS32.DLL
    .dll windows:1 windows x86 arch:x86
    Headers · Exports · Sections

  • Scan.ini
  • baro.exe
    .exe windows:5 windows x86 arch:x86
    ae86390549f5fe4a8cd8eb0b541a9234
    Headers · Imports · Exports · Sections

  • butce.pbd
  • cmuk_d.pbd
  • cmuk_m.pbd
  • cmuk_r.pbd
  • cmuk_w.pbd
  • cmuk_wr.pbd
  • demirbas.pbd
  • disiplin.pbd
  • disiplin_r.pbd
  • disiplin_yeni.pbd
  • dll/FreeImage.dll
    .dll windows:5 windows x86 arch:x86
    f3db81844469ba23e814e3c02eedcc15
    Headers · Imports · Exports · Sections

  • dll/Interop.WIA.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa
    Headers · Imports · Sections

  • dll/PdfSharp.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa
    Headers · Imports · Sections

  • dll/RegAsm.exe
    .exe windows:4 windows x86 arch:x86
    f34d5f2d4577ed6d9ceec516c1f5a744
    Headers · Imports · Sections

  • dll/SDD_TWAIN_SCANNER.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa
    Headers · Imports · Sections

  • dll/Saraff.Twain.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa
    Headers · Imports · Sections

  • dll/System.Drawing.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa
    Headers · Imports · Sections

  • dll/UzakYardim.exe
    .exe windows:4 windows x86 arch:x86
    59bc1054f3fb6d52d677cef7c12118a3
    Headers · Imports · Sections

  • dll/UzakYardim.log
  • dll/WinSCP.com
    .exe windows:4 windows x86 arch:x86
    e472c1fbe7bf0d8c224ae7ff368ef137
    Code Sign · Headers · Imports · Exports · Sections

  • dll/WinSCP.exe
    .exe windows:4 windows x86 arch:x86
    390bf18706bfb62796da45d5d3226076
    Code Sign · Headers · Imports · Exports · Sections

  • dll/WinSCPnet.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa
    Code Sign · Headers · Imports · Sections

  • dll/cl32.dll
    .dll regsvr32 windows:5 windows x86 arch:x86
    36600284ee7106703504347a91112909
    Headers · Imports · Exports · Sections

  • dll/sdd_regasm.exe
    .exe windows:4 windows x86 arch:x86
    f34d5f2d4577ed6d9ceec516c1f5a744
    Headers · Imports · Sections

  • doorbell1.wav
  • emubasir.pbd
  • evrak.pbd
  • fatura.pbd
  • gundem.pbd
  • gxps.exe
    .exe windows:4 windows x86 arch:x86
    30c57c50884b31ccd9b068732d733ff6
    Headers · Imports · Exports · Sections

  • ihm.pbd
  • khk.pbd
  • kimlik.pbd
  • kiraci.pbd
  • komisyon.pbd
  • magdur.pbd
  • mali.pbd
  • muhasebe.pbd
  • muhasebe_r.pbd
  • muzaharet.pbd
  • ortak_d.pbd
  • ortak_f.pbd
  • ortak_u.pbd
  • ortak_w.pbd
  • pbsoapclient105.pbd
  • pbsoapclient90.pbd
  • personel.pbd
  • sdd_d.pbd
  • sdd_degisen.pbd
  • sdd_f.pbd
  • sdd_inherit.pbd
  • sdd_m.pbd
  • sdd_n_cst.pbd
  • sdd_s.pbd
  • sdd_security.pbd
  • sdd_u.pbd
  • sdd_w.pbd
  • sddproxy.pbd
  • sem.pbd
  • seminer.pbd
  • sicil.pbd
  • sicil_r.pbd
  • sigorta.pbd
  • staj.pbd
  • staj_r.pbd
  • stok.pbd
  • sydf.pbd
  • tsk_ek2.pbd
  • uyecari.pbd
  • uzlasma.pbd
  • yardim.pbd
  • yardim_r.pbd
  • yardim_yk.pbd
  • yazisma.pbd
  • ys.pbd