General

  • Target

    8c0e5b944de175a7c0cb0dfeda5c2f7b_JaffaCakes118

  • Size

    1.9MB

  • MD5

    8c0e5b944de175a7c0cb0dfeda5c2f7b

  • SHA1

    40da0564a453c50d0034c9cb648d2775ffffc1ea

  • SHA256

    81991af6479ea696c104c839c8fc3683977313c7590edb8d9bb79f8a950aa58a

  • SHA512

    1f4c88ec9aeb5e1f97b1ad0125d2c2eb206ce5509a9278fc3d2afb0a3f7e19accb64e637455a31ddf9529f2f0cfc5a72f2fd263975e3b24836635c64d8931d64

  • SSDEEP

    49152:aFT8Yw58W8PEO9h9pbI9sSqz4mv1SZ1gwIbC3aY9mOv4:aFWeph/cssqk3X4

Score
10/10
upx

Malware Config

Signatures

  • Nirsoft 5 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 14 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 8c0e5b944de175a7c0cb0dfeda5c2f7b_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
  • $0/023.dat
  • $0/023v.dat
  • $0/023w7.dat
  • $0/AWF.cmd
  • $0/AppDataFile.cfx
    .vbs
  • $0/AppDataFolder.cfx
  • $0/Assoc.cmd
  • $0/Auto-RC.cmd
  • $0/Boot-Rk.cmd
  • $0/Boot.bat
  • $0/BootDrv.vbs
    .vbs
  • $0/CF-Script.cmd
    .cmd .ps1
  • $0/CSet.cmd
  • $0/Catch-sub.cmd
  • $0/Combo-Fix.sys
    .sys windows:5 windows x86 arch:x86
  • $0/ComboFix-Download.cfxxe
    .exe windows:4 windows x86 arch:x86
  • $0/Combobatch.bat
  • $0/Create.cmd
  • $0/Creg.dat
  • $0/CregC.cmd
  • $0/CregC.dat
  • $0/DPF.str
  • $0/DelClsid.bat
  • $0/DelClsid64.bat
  • $0/DesktopFile.cfx
  • $0/Dnl.dat
  • $0/DrvRun.vbs
    .vbs
  • $0/ERDNT.e_e
    .exe windows:1 windows x86 arch:x86
  • $0/ERDNTDOS.LOC
  • $0/ERDNTWIN.LOC
  • $0/ERUNT.LOC
  • $0/ERUNT.cfxxe
    .exe windows:1 windows x86 arch:x86
  • $0/Exe.reg
  • $0/FD-SV.cmd
  • $0/FIND3M.bat
  • $0/FIXLSP.bat
  • $0/FKMGen.cmd
  • $0/FavoriteFolder.cfx
  • $0/FavoritesFile.cfx
  • $0/FileKill.cfxxe
    .exe windows:4 windows x86 arch:x86
  • $0/Fin.dat
  • $0/GetHive.cmd
  • $0/HDPEInfo.cfxxe
    .exe windows:4 windows x86 arch:x86
    1497f1c937d7f1a5eceac482c2801f5a
  • $0/Imefile.dat
  • $0/Install-RC.cmd
  • $0/Kill-All.cmd
  • $0/Ksvchost.vbs
    .vbs
  • $0/Lang.bat
  • $0/List-B.bat
  • $0/List-C.bat
  • $0/List-D.bat
  • $0/List.bat
  • $0/LocalAppDataFile.cfx
  • $0/LocalAppDataFolder.cfx
  • $0/LocalService.dat
  • $0/LocalServiceNetworkRestricted.dat
  • $0/LocalSettingsFile.cfx
  • $0/LocalSystemNetworkRestricted.dat
  • $0/MoveIt.bat
  • $0/ND_.bat
  • $0/ND_64.bat
  • $0/NT-OS.cmd
    .cmd .ps1
  • $0/NetworkService.dat
  • $0/NirCmd.cfxxe
    .exe windows:4 windows x86 arch:x86
  • $0/NirCmd.chm
    .chm
  • $0/NirCmdC.cfxxe
    .exe windows:4 windows x86 arch:x86
  • $0/OSid.vbs
    .vbs
  • $0/P.cmd
  • $0/PersonalFile.cfx
  • $0/PersonalFolder.cfx
  • $0/Policies.dat
  • $0/Prep.inf
  • $0/ProfilesFile.cfx
    .vbs
  • $0/ProfilesFolder.cfx
  • $0/ProgramsFile.cfx
  • $0/ProgramsFolder.cfx
  • $0/Purity.dat
  • $0/RCLink.dat
  • $0/REGDACL.sed
  • $0/RegDo.sed
  • $0/RegScan.cmd
  • $0/RegScan64.cmd
  • $0/Rkey.cmd
  • $0/Rust.str
  • $0/SRestore.cmd
  • $0/Safeboot.def.w7.dat
  • $0/SetEnvmt.bat
  • $0/SnapShot.cmd
  • $0/StartMenuFile.cfx
  • $0/StartMenuFolder.cfx
  • $0/StartUpFile.cfx
  • $0/SuppScan.cmd
  • $0/SvcDrv.vbs
    .vbs
  • $0/TemplatesFile.cfx
  • $0/TemplatesFolder.cfx
  • $0/Update-CF.cmd
  • $0/VInfo
  • $0/VInfo2
  • $0/Vipev.dat
  • $0/VwinTemp.dacl
  • $0/Wmi_rem.vbs
    .vbs
  • $0/XPSBoot.reg
  • $0/appinit.bad
  • $0/asp.str
  • $0/av.cmd
  • $0/av.vbs
    .vbs
  • $0/badclsid.c
  • $0/firefox.exe
    .exe windows:4 windows x86 arch:x86
  • $0/iexplore.exe
    .exe windows:4 windows x86 arch:x86
  • $0/n.pif
    .exe windows:4 windows x86 arch:x86
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    2017f2acbdaa42ab3e4adeb8b4c37e7b
  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86
    afa8e526425f3585465337467d0b5909