Overview

overview

7

Static

static

7

8538e283e4...18.exe

windows7-x64

7

8538e283e4...18.exe

windows10-2004-x64

7

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...te.dll

windows7-x64

1

$PLUGINSDI...te.dll

windows10-2004-x64

1

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

7

$PLUGINSDI...om.dll

windows10-2004-x64

7

$PLUGINSDI...on.dll

windows7-x64

7

$PLUGINSDI...on.dll

windows10-2004-x64

7

skywidget.dll

windows7-x64

6

skywidget.dll

windows10-2004-x64

6

skywidget.exe

windows7-x64

1

skywidget.exe

windows10-2004-x64

1

skywidgeted.exe

windows7-x64

1

skywidgeted.exe

windows10-2004-x64

1

skywidgeter.exe

windows7-x64

1

skywidgeter.exe

windows10-2004-x64

1

skywidgets.exe

windows7-x64

1

skywidgets.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8538e283e43c913cc203856667900c77_JaffaCakes118

  • Size

    1.7MB

  • MD5

    8538e283e43c913cc203856667900c77

  • SHA1

    ee281da49eaf0bce35724374eb4e4f7e49cf7821

  • SHA256

    6e24e54f0a6079329d8f3ea3ce22d6f42ab4e166b454a8d0c1f95c004ef7c21e

  • SHA512

    bbd125ca7024f1c009e97ff9dc2cbdf7bb4c01cad3fdccb09569fb781d18e0ce94b5c478b535356ccd069bfb70f01bd92a16c696f086d2dd55dce41c5d505b01

  • SSDEEP

    24576:B2zWVbD/MPJYBB50WrX707jKHBYKaQqY1f4E6oej/hAh2guFjOScX:kzObjMPiB5007yu2y4Yyf9jOScX

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 10 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 8538e283e43c913cc203856667900c77_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/DLLWebCount.dll
    .dll windows:4 windows x86 arch:x86

    da9753a0859a4bcac292d56630cf47ba


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/FindProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    ba3891ead2b1916a668d1301763262db


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    815c88741b87a0210c457b00b57bf9c6


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SelfDelete.dll
    .dll windows:4 windows x86 arch:x86

    1e9621cfcd4ae80e95c364e38bcff5d7


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsRandom.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/version.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • skywidget.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    261adc291bb72854be58467340a465bc


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • skywidget.exe
    .exe windows:5 windows x86 arch:x86

    a27607a88482085f8a6d0911d0558cd2


    Code Sign

    Headers

    Imports

    Sections

  • skywidgeted.exe
    .exe windows:4 windows x86 arch:x86

    9b102b4e253fa5637ea5c79baa0d682b


    Code Sign

    Headers

    Imports

    Sections

  • skywidgeter.exe
    .exe windows:5 windows x86 arch:x86

    10f23adbdfa7ae6ef180d748e5a946be


    Code Sign

    Headers

    Imports

    Sections

  • skywidgets.exe
    .exe windows:5 windows x86 arch:x86

    90ec113d18d1ee54baf1354bd2faef3d


    Code Sign

    Headers

    Imports

    Sections

  • uninstall.exe.nsis