General

  • Target

    9c6f85538b0705e5085860e5025bdcbe_JaffaCakes118

  • Size

    3.7MB

  • MD5

    9c6f85538b0705e5085860e5025bdcbe

  • SHA1

    997a2773afe3ab2fa7419f84acce9e90e6435f7f

  • SHA256

    206cc59b5f53c37b6b453a91e3a9acd3a1a6cc3f2de43defdadcbbf68992e92e

  • SHA512

    3b22c679559c7f417f605f5c910d15233cd204d85faa151d89253be6fd8e9089f57ef9da312c0bad68a01d3d7d9fb86fcb028dd55a41f4e0351dfbbff12512c4

  • SSDEEP

    49152:zdo35R0GZNK7PaRcc/HQ91m3O5ZBfYTJggRGE4OwpnlrEieMz09v86mqlOlZBoqK:zGo42aK9KOnMqgUXdllrEiD09k6BOb4

Score

  • 7/10

  • Tags: upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software (1 IoC)

    Detects a file protected with ACProtect.

  • UPX packed file (1 IoC)

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Unsigned PE (7 IoCs)

    Checks for a missing Authenticode signature (empty security data directory).

  • NSIS installer (2 IoCs)
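
The UPX, Unsigned PE and NSIS signatures above are structural checks that can be reproduced statically. The script below is an added example, not part of this report and not the sandbox's own detection code; it parses the PE headers with only the Python standard library and builds a constructed minimal PE32 plus a constructed NSIS first header as offline input (no real sample bytes are embedded). The ACProtect signature is not reproduced. A populated security directory only means a signature blob is present; validating the certificate chain and the file hash is a separate step.

```python
# Added example (not from the sandbox report): static checks reproducing the
# UPX / Unsigned PE / NSIS signatures on raw PE bytes. Offsets follow PE/COFF.
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot that points at the Authenticode blob
NSIS_MAGIC = b"NullsoftInst"         # marker inside the NSIS first header, stored in the overlay


def _headers(data: bytes):
    """Locate the COFF/optional headers; return (section_count, opt_off, opt_size, pe32plus)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]         # 0x10B = PE32, 0x20B = PE32+
    return nsec, opt_off, opt_size, magic == 0x20B


def _sections(data: bytes):
    """Yield (name, SizeOfRawData, PointerToRawData) for each 40-byte section-table entry."""
    nsec, opt_off, opt_size, _ = _headers(data)
    table = opt_off + opt_size
    for i in range(nsec):
        ent = table + 40 * i
        name = data[ent:ent + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, ent + 16)
        yield name, raw_size, raw_ptr


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (UPX2 for resources); renamed sections evade this."""
    return any(name.startswith("UPX") for name, _, _ in _sections(data))


def has_authenticode(data: bytes) -> bool:
    """'Unsigned PE' == empty security directory. Presence of a blob is not validity."""
    _, opt_off, _, pe32plus = _headers(data)
    dir_base = opt_off + (112 if pe32plus else 96)             # start of the data-directory array
    va, size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return va != 0 and size != 0


def overlay_offset(data: bytes) -> int:
    """Overlay = bytes after the last section's raw data; NSIS keeps its payload there."""
    nsec, opt_off, opt_size, _ = _headers(data)
    end = opt_off + opt_size + 40 * nsec
    for _, raw_size, raw_ptr in _sections(data):
        end = max(end, raw_ptr + raw_size)
    return end


def is_nsis_installer(data: bytes) -> bool:
    # Search only the overlay so a string in a code section does not trigger the check.
    return NSIS_MAGIC in data[overlay_offset(data):]


def scan(data: bytes) -> dict:
    """Report-style summary for one PE blob."""
    return {
        "upx": is_upx_packed(data),
        "unsigned": not has_authenticode(data),
        "nsis": is_nsis_installer(data),
        "sections": [name for name, _, _ in _sections(data)],
    }


def build_pe(names, signed=False, overlay=b"") -> bytes:
    """Constructed minimal PE32 (no code, no imports) used only as offline test input."""
    nsec, opt_size, raw_len = len(names), 224, 0x200
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    raw_off = (64 + 4 + 20 + opt_size + 40 * nsec + 0x1FF) & ~0x1FF   # 512-byte file alignment
    if signed:  # point the security directory at a placeholder blob placed after the overlay
        cert_off = raw_off + nsec * raw_len + len(overlay)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, 8)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), raw_len, 0x1000 * (i + 1), raw_len,
                    raw_off + i * raw_len, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(names))
    body = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    body += b"\0" * (raw_off - len(body)) + b"\x90" * (raw_len * nsec) + overlay
    return body + (b"\0" * 8 if signed else b"")


# Constructed NSIS first header: flags, 0xDEADBEEF, "NullsoftInst", header length, total length.
NSIS_OVERLAY = struct.pack("<II", 0, 0xDEADBEEF) + NSIS_MAGIC + struct.pack("<II", 0x40, 0x100)

if __name__ == "__main__":
    print(scan(build_pe(["UPX0", "UPX1", ".rsrc"])))
    print(scan(build_pe([".text", ".rdata", ".data", ".ndata", ".rsrc"],
                        signed=True, overlay=NSIS_OVERLAY)))
```

To run it against real files, replace `build_pe(...)` with `open(path, "rb").read()`; for an NSIS installer the same overlay search also locates the payload start that 7-Zip or a dedicated NSIS decompiler unpacks into the `$PLUGINSDIR` and `$_NN_` directories listed under Files.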

Files

  (Per file: path as extracted by the sandbox, type tags, the imphash where the file has an import table, and the report views available for it. Seven of the sixteen PE files have no Code Sign view, matching the 7 IoCs of the Unsigned PE signature above.)

  • 9c6f85538b0705e5085860e5025bdcbe_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
    imphash 7fa974366048f9c551ef45714595665e
    views: Code Sign, Headers, Imports, Sections

  • $PLUGINSDIR/Helper.dll
    .dll windows:5 windows x86 arch:x86
    imphash 63444db97875b0c290e13cd6c60a53e4
    views: Code Sign, Headers, Imports, Exports, Sections

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86
    imphash 9cce555dd3ff1b6c7dc92d64c794c51a
    views: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/Processes.dll
    .dll windows:4 windows x86 arch:x86
    imphash f5edecae12589e705677a6e272ad0394
    views: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    imphash 2017f2acbdaa42ab3e4adeb8b4c37e7b
    views: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/modern-wizard.bmp

  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86
    imphash 1e2884056e655f2b7bc5a904e352fc80
    views: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/nsislog.dll
    .dll windows:4 windows x86 arch:x86
    no imphash (no import table)
    views: Headers, Exports, Sections

  • $PLUGINSDIR/util_ex.dll
    .dll windows:5 windows x86 arch:x86
    imphash 61442a788a587675b268cc37ff322ae4
    views: Code Sign, Headers, Imports, Exports, Sections

  • $PLUGINSDIR/version.dll
    .dll windows:4 windows x86 arch:x86
    no imphash (no import table)
    views: Headers, Exports, Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86
    no imphash (no import table)
    views: Headers, Sections

  • $_30_/updater.exe
    .exe windows:5 windows x86 arch:x86
    imphash 99c6757a88f171c7424a37bc7e64d4a9
    views: Code Sign, Headers, Imports, Sections

  • $_31_/ChromeHelper/ChromeHelper.exe
    .exe windows:5 windows x86 arch:x86
    imphash 8335334a3c1d617c25c269a7714094cf
    views: Code Sign, Headers, Imports, Sections

  • $_31_/FirefoxHelper/FirefoxHelper.exe
    .exe windows:5 windows x86 arch:x86
    imphash 8335334a3c1d617c25c269a7714094cf
    views: Code Sign, Headers, Imports, Sections

  • $_31_/IeHelper/IeHelper.exe
    .exe windows:5 windows x86 arch:x86
    imphash 8335334a3c1d617c25c269a7714094cf
    views: Code Sign, Headers, Imports, Sections

    (The three helper executables share one imphash, i.e. an identical import table.)

  • $_42_/chrome.manifest
  • $_42_/chrome/content/main.js
    .js
  • $_42_/chrome/content/overlay.xul
    .xml
  • $_42_/install.rdf
    .xml
  • Chrome/common.crx
    .zip (the entries listed below it are the archive's contents)
      • announce.js
      • background.html
        .html
      • common.js
        .js
      • contentscript.js
        .js
      • icon.png
        .png
      • icon128.png
        .png
      • icon16.png
        .png
      • icon48.png
        .png
      • iframecontentscript.js
        .js
      • manifest.json
  • Firefox/chrome.manifest
  • Firefox/chrome/content/main.js
    .js
  • Firefox/chrome/content/overlay.xul
    .xml
  • Firefox/install.rdf
    .xml
  • IE/common.dll
    .dll regsvr32 windows:5 windows x86 arch:x86
    imphash 0c388d2babcd5cd0ceda13b4131019fc
    views: Code Sign, Headers, Imports, Exports, Sections

  • TubeDimmer.ico

  • Uninstall.exe
    .exe windows:5 windows x86 arch:x86
    imphash 8d87bc6484ad0aa41a606fa5a55d19bc
    views: Code Sign, Headers, Imports, Sections