General

  • Target

    99a1b8cbcd7b09bb55f366fb1a7e88d3_JaffaCakes118

  • Size

    2.4MB

  • MD5

    99a1b8cbcd7b09bb55f366fb1a7e88d3

  • SHA1

    2cb9718a223269a7f29bea54d60ca610a18c9149

  • SHA256

    c0e9e2863debb6b83178558f9147488653dd2cad85ee32bbb5254c75a3b02cc4

  • SHA512

    f41f5c8e6238609b23b5890e1e47a6058a5d4973336ce69e1a6026b3285eb9e4e4a537bec8ce6043be5054fed3217443600ae5b1cd6a63e5c5fd003934b779b0

  • SSDEEP

    49152:t8S22NyKi2UCelgFSC2yc1AU7xNGCO9ZzCKuCe9fPVT5iH7XW:t8QVi2alg61TNGCGzCr9fPVT5i7W

Score
3/10

Malware Config

Signatures

  • Unsigned PE 14 IoCs

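    Checks for missing Authenticode signature. The count matches the 14 entries tagged as PE files under Files. Without a signature, the publisher and integrity of these files cannot be confirmed from a certificate; on its own this is a weak indicator, since many legitimate installers are also unsigned.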

  • NSIS (Nullsoft Scriptable Install System) installer 4 IoCs

Files

  • 99a1b8cbcd7b09bb55f366fb1a7e88d3_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

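    099c0646ea7282d232219f8807883be0 (not the file's MD5, which is listed under General; presumably the PE import hash, since uninst.exe below carries the same value — the 32-character values under the other PE entries are presumably the same kind of hash)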



  • $PLUGINSDIR/AccessControl.dll
    .dll windows:4 windows x86 arch:x86

    ed83f419402bc3b83a08e3aaf8b5b5b7



  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012



  • $PLUGINSDIR/Splash.dll
    .dll windows:4 windows x86 arch:x86

    dfca8f6698c93c9475bec373d99a1efd



  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    afa8e526425f3585465337467d0b5909



  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/splash.bmp
  • BugFix.txt
  • CERTLIST.PEM
  • CFGMGR.EXE
    .exe windows:4 windows x86 arch:x86

    cd99b8849eb688475fd061bdc4cc4bd3



  • CREATEKB.CHM
    .chm
  • CREATEKB.EXE
    .exe windows:4 windows x86 arch:x86

    1ddf83ca749f9b860666b697bd123cf6



  • CUSTOM.KMT
  • CfgMgr.cfg
  • EULA.rtf
    .rtf
  • HOSTEDIT.EXE
    .exe windows:4 windows x86 arch:x86

    328514e7a6e549ccbfdd0c5ad06490d8



  • LOCAL.TXT
  • REFORMAT.BIN
  • RESOURCE.BIN
  • ResourceEditor.exe
    .exe windows:4 windows x86 arch:x86

    e1646f73997d4bd04eeea61aea7b5f16



  • S24CFG.DAT
  • SCRIPTS.BIN
  • SCRPTEDT.EXE
    .exe windows:4 windows x86 arch:x86

    9e16daf6cddebd0fbc49ec7a9d127b57



  • SSHAUTH.DAT
  • ScreenReformatter.chm
    .chm
  • ScreenReformatter.exe
    .exe windows:4 windows x86 arch:x86

    c23fe466b9ba3f8fd1942fb55cd5dd79



  • TERMCFG.BIN
  • TERMCFG.INF
  • TERMTYPE.DAT
  • TelnetCE.ini
  • TelnetCE_73141.ARM.cab
    .cab
  • 00000WLB.035
  • 0000Emhp.008
  • 0000Emvt.012
  • 000EMWEB.013
  • 000EmNum.010
  • 000Setup.999
  • 000VTUni.027
  • 000local.019
  • 00CUSTOM.003
  • 00Custom.004
  • 00Ebcdic.005
  • 00Em3270.006
  • 00Em5250.007
  • 00EmNone.009
  • 00IBMUni.015
  • 00ITCDEV.036
  • 00ITCNET.037
  • 00Keymap.018
  • 00S24cfg.022
  • 0Charset.002
  • 0Emulate.011
  • 0INTG038.016
  • 0INTG051.017
  • 0ITCSCAN.038
  • 0SCRIPTS.023
  • 0SSHAUTH.024
  • 0Support.034
  • 0Termcfg.025
  • 0WEBDATA.028
  • AUTOEXEC.031
  • CERTLIST.001
  • HostCfgs.014
  • INSTAL~1.000
  • REFORMAT.020
  • RESOURCE.021
  • TelnetCE.033
  • TermType.026
  • WLINST~1.039
  • WlPrdIst.029
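    .ps1 (the analyzer's type tag; the file name carries the extension .029, so verify the content before treating it as PowerShell)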
  • WlPrdRst.030
  • _setup.xml
  • profiles.032
  • TelnetConfig.cfg
  • TelnetConfig.exe
    .exe windows:4 windows x86 arch:x86

    e791dd1ca5a231893f28249684f080b4



  • ce-release.txt
  • local/DENMARK/CHARSET.ASC
  • local/DENMARK/CHARSET.BIN
  • local/DENMARK/EBCDIC.BIN
  • local/DENMARK/EBCDIC.TXT
  • local/DENMARK/EMULATE.ASC
  • local/DENMARK/EMULATE.MSG
  • local/DENMARK/IBMUNI.ASC
  • local/DENMARK/LOCAL.BAT
  • local/DENMARK/LOCAL.TXT
  • local/DENMARK/LOCAL4.BAT
  • local/DENMARK/MSG.H
  • local/DENMARK/VTHP.ASC
  • local/DENMARK/VTUNI.ASC
  • local/FINLAND/CHARSET.ASC
  • local/FINLAND/CHARSET.BIN
  • local/FINLAND/EBCDIC.BIN
  • local/FINLAND/EBCDIC.TXT
  • local/FINLAND/EMULATE.ASC
  • local/FINLAND/EMULATE.MSG
  • local/FINLAND/IBMUNI.ASC
  • local/FINLAND/LOCAL.BAT
  • local/FINLAND/LOCAL.TXT
  • local/FINLAND/LOCAL4.BAT
  • local/FINLAND/MSG.H
  • local/FINLAND/VTHP.ASC
  • local/FINLAND/VTUNI.ASC
  • local/FRANCE/CHARSET.ASC
  • local/FRANCE/CHARSET.BIN
  • local/FRANCE/EBCDIC.BIN
  • local/FRANCE/EBCDIC.TXT
  • local/FRANCE/EMULATE.ASC
  • local/FRANCE/EMULATE.MSG
  • local/FRANCE/IBMUNI.ASC
  • local/FRANCE/LOCAL.BAT
  • local/FRANCE/LOCAL.TXT
  • local/FRANCE/LOCAL4.BAT
  • local/FRANCE/MSG.H
  • local/FRANCE/VTHP.ASC
  • local/FRANCE/VTUNI.ASC
  • local/FREN-CAN/CHARSET.ASC
  • local/FREN-CAN/CHARSET.BIN
  • local/FREN-CAN/EBCDIC.BIN
  • local/FREN-CAN/EBCDIC.TXT
  • local/FREN-CAN/EMULATE.ASC
  • local/FREN-CAN/EMULATE.MSG
  • local/FREN-CAN/IBMUNI.ASC
  • local/FREN-CAN/LOCAL.BAT
  • local/FREN-CAN/LOCAL.TXT
  • local/FREN-CAN/LOCAL4.BAT
  • local/FREN-CAN/MSG.H
  • local/FREN-CAN/VTHP.ASC
  • local/FREN-CAN/VTUNI.ASC
  • local/GERMANY/CHARSET.ASC
  • local/GERMANY/CHARSET.BIN
  • local/GERMANY/EBCDIC.BIN
  • local/GERMANY/EBCDIC.TXT
  • local/GERMANY/EMULATE.ASC
  • local/GERMANY/EMULATE.MSG
  • local/GERMANY/IBMUNI.ASC
  • local/GERMANY/LOCAL.BAT
  • local/GERMANY/LOCAL.TXT
  • local/GERMANY/LOCAL4.BAT
  • local/GERMANY/MSG.H
  • local/GERMANY/VTHP.ASC
  • local/GERMANY/VTUNI.ASC
  • local/HOLLAND/CHARSET.ASC
  • local/HOLLAND/CHARSET.BIN
  • local/HOLLAND/EBCDIC.BIN
  • local/HOLLAND/EBCDIC.TXT
  • local/HOLLAND/EMULATE.ASC
  • local/HOLLAND/EMULATE.MSG
  • local/HOLLAND/IBMUNI.ASC
  • local/HOLLAND/LOCAL.BAT
  • local/HOLLAND/LOCAL.TXT
  • local/HOLLAND/LOCAL4.BAT
  • local/HOLLAND/MSG.H
  • local/HOLLAND/VTHP.ASC
  • local/HOLLAND/VTUNI.ASC
  • local/ITALY/CHARSET.ASC
  • local/ITALY/CHARSET.BIN
  • local/ITALY/EBCDIC.BIN
  • local/ITALY/EBCDIC.TXT
  • local/ITALY/EMULATE.ASC
  • local/ITALY/EMULATE.MSG
  • local/ITALY/IBMUNI.ASC
  • local/ITALY/LOCAL.BAT
  • local/ITALY/LOCAL.TXT
  • local/ITALY/LOCAL4.BAT
  • local/ITALY/MSG.H
  • local/ITALY/VTHP.ASC
  • local/ITALY/VTUNI.ASC
  • local/MSGCOMP.EXE
  • local/NORWAY/CHARSET.ASC
  • local/NORWAY/CHARSET.BIN
  • local/NORWAY/EBCDIC.BIN
  • local/NORWAY/EBCDIC.TXT
  • local/NORWAY/EMULATE.ASC
  • local/NORWAY/EMULATE.MSG
  • local/NORWAY/IBMUNI.ASC
  • local/NORWAY/LOCAL.BAT
  • local/NORWAY/LOCAL.TXT
  • local/NORWAY/LOCAL4.BAT
  • local/NORWAY/MSG.H
  • local/NORWAY/VTHP.ASC
  • local/NORWAY/VTUNI.ASC
  • local/READ.ME
  • local/SPAIN/CHARSET.ASC
  • local/SPAIN/CHARSET.BIN
  • local/SPAIN/EBCDIC.BIN
  • local/SPAIN/EBCDIC.TXT
  • local/SPAIN/EMULATE.ASC
  • local/SPAIN/EMULATE.MSG
  • local/SPAIN/IBMUNI.ASC
  • local/SPAIN/LOCAL.BAT
  • local/SPAIN/LOCAL.TXT
  • local/SPAIN/LOCAL4.BAT
  • local/SPAIN/MSG.H
  • local/SPAIN/VTHP.ASC
  • local/SPAIN/VTUNI.ASC
  • local/SWEDEN/CHARSET.ASC
  • local/SWEDEN/CHARSET.BIN
  • local/SWEDEN/EBCDIC.BIN
  • local/SWEDEN/EBCDIC.TXT
  • local/SWEDEN/EMULATE.ASC
  • local/SWEDEN/EMULATE.MSG
  • local/SWEDEN/IBMUNI.ASC
  • local/SWEDEN/LOCAL.BAT
  • local/SWEDEN/LOCAL.TXT
  • local/SWEDEN/LOCAL4.BAT
  • local/SWEDEN/MSG.H
  • local/SWEDEN/VTHP.ASC
  • local/SWEDEN/VTUNI.ASC
  • local/SWTZRLND/CHARSET.ASC
  • local/SWTZRLND/CHARSET.BIN
  • local/SWTZRLND/EBCDIC.BIN
  • local/SWTZRLND/EBCDIC.TXT
  • local/SWTZRLND/EMULATE.ASC
  • local/SWTZRLND/EMULATE.MSG
  • local/SWTZRLND/IBMUNI.ASC
  • local/SWTZRLND/LOCAL.BAT
  • local/SWTZRLND/LOCAL.TXT
  • local/SWTZRLND/LOCAL4.BAT
  • local/SWTZRLND/MSG.H
  • local/SWTZRLND/VTHP.ASC
  • local/SWTZRLND/VTUNI.ASC
  • local/UK/CHARSET.ASC
  • local/UK/CHARSET.BIN
  • local/UK/EBCDIC.BIN
  • local/UK/EBCDIC.TXT
  • local/UK/EMULATE.ASC
  • local/UK/EMULATE.MSG
  • local/UK/IBMUNI.ASC
  • local/UK/LOCAL.BAT
  • local/UK/LOCAL.TXT
  • local/UK/LOCAL4.BAT
  • local/UK/MSG.H
  • local/UK/VTHP.ASC
  • local/UK/VTUNI.ASC
  • local/US/CHARSET.ASC
  • local/US/CHARSET.BIN
  • local/US/EBCDIC.BIN
  • local/US/EBCDIC.TXT
  • local/US/EMULATE.ASC
  • local/US/EMULATE.MSG
  • local/US/IBMUNI.ASC
  • local/US/LOCAL.BAT
  • local/US/LOCAL.TXT
  • local/US/LOCAL4.BAT
  • local/US/MSG.H
  • local/US/VTHP.ASC
  • local/US/VTUNI.ASC
  • local/WLOCAL.CHM
    .chm
  • local/WLOCAL.EXE
    .exe windows:4 windows x86 arch:x86

    070702482ebee8e0ff426c3f664724ed



  • readme.txt
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0

