destroy
getWindow
show
General
-
Target
9cd8d4e8c48497a9cb4cd37e0ef8a785_JaffaCakes118
-
Size
5.4MB
-
MD5
9cd8d4e8c48497a9cb4cd37e0ef8a785
-
SHA1
1c1e86fc10b565fea673bfcf664a29ca4d5d3f2a
-
SHA256
23ea3c510c9b0d48047a4b236a82a7fdbed3bd58c1b3eecf82729ef1c849d421
-
SHA512
98f5b129d59ff97b647f1fd91a209ad80759c852ff94b986a5293b475de02de0297b9605368cc9cacf52c6fe57b20e526d81c1de3e69a5b845e962278dd63ca9
-
SSDEEP
98304:ZiofAgvhWN0WMXmAihL9nXFQ+jSBpemBgiA24PKUPBuGLlNQS1LCGNrbscGQwd:ZiofAgpWiBXmAM9rjStguileC3xGd
Score
10/10
Malware Config
Signatures
-
Nirsoft 5 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Unsigned PE 53 IoCs
Checks for missing Authenticode signature.
-
NSIS installer 1 IoCs
Files
-
9cd8d4e8c48497a9cb4cd37e0ef8a785_JaffaCakes118
Headers
Sections
-
$0/023.dat
-
$0/023v.dat
-
$0/023w7.dat
-
$0/023w8.dat
-
$0/AWF.cmd
-
$0/ActiveDrv.vbs
-
$0/AppDataFile.cfx
-
$0/AppDataFolder.cfx
-
$0/Assoc.cmd
-
$0/Auto-RC.cmd
-
$0/BFE.dat
-
$0/Boot-Rk.cmd
-
$0/Boot.bat
-
$0/BootDrv.vbs
-
$0/CF-Script.cmd
-
$0/Catch-sub.cmd
-
$0/Combo-Fix.sys
Headers
Sections
-
$0/ComboFix-Download.3XE
Headers
Sections
-
$0/Combobatch.bat
-
$0/Create.cmd
-
$0/Creg.dat
-
$0/CregC.cmd
-
$0/CregC.dat
-
$0/DPF.str
-
$0/DelClsid.bat
-
$0/DelClsid64.bat
-
$0/DesktopFile.cfx
-
$0/Dnl.dat
-
$0/DrvRun.vbs
-
$0/EN-US/iexplore.exe
0b9ca80ff295945b3cf5762a07ef3d50
Headers
Imports
Sections
-
$0/ERDNT.e_e
Headers
Sections
-
$0/ERDNTDOS.LOC
-
$0/ERDNTWIN.LOC
-
$0/ERUNT.3XE
Headers
Sections
-
$0/ERUNT.LOC
-
$0/Exe.reg
-
$0/FD-SV.cmd
-
$0/FIND3M.bat
-
$0/FIXLSP.bat
-
$0/FIXLSP64.cmd
-
$0/FKMGen.cmd
-
$0/FavoriteFolder.cfx
-
$0/FavoritesFile.cfx
-
$0/FileKill.3XE
Headers
Sections
-
$0/Fin.dat
-
$0/GetHive.cmd
-
$0/Imefile.dat
-
$0/Install-RC.cmd
-
$0/KNetSvcs.vbs
-
$0/Kill-All.cmd
-
$0/Ksvchost.vbs
-
$0/Lang.bat
-
$0/License/Curl - license.txt
-
$0/License/EXTRACT.TXT
-
$0/License/FI - license.txt
-
$0/License/UnxUtilsDist.com
-
$0/License/UnxUtilsDist.html
-
$0/License/UnxUtilsDist.pif
-
$0/License/Zip - license.txt
-
$0/License/dumphive-license.txt
-
$0/License/firefox.exe
09d0478591d4f788cb3e5ea416c25237
Headers
Imports
Sections
-
$0/License/iexplore.exe
09d0478591d4f788cb3e5ea416c25237
Headers
Imports
Sections
-
$0/License/mtee.txt
-
$0/License/ncmd.cfxxe
-
$0/License/pv_5_2_2.zip
-
pv.exe
8839be4e39be293b659bfa988210ebfa
Headers
Imports
Sections
-
pv.txt
-
$0/License/streamtools.zip
-
CS.exe
f398be39025828d3564ecb42ebba5dc1
Headers
Imports
Sections
-
DS.exe
3a4f4ffe0235b238623dbfdc406cb613
Headers
Imports
Sections
-
FS.bat
-
LS.exe
260f2d6b4b372c3976adb4866014670f
Headers
Imports
Sections
-
RS.bat
-
SF.exe
fa302e2d11235d136fef4e8823119994
Headers
Imports
Sections
-
SFs.bat
-
readme.txt
-
$0/List-B.bat
-
$0/List-C.bat
-
$0/List-D.bat
-
$0/List.bat
-
$0/LocalAppDataFile.cfx
-
$0/LocalAppDataFolder.cfx
-
$0/LocalService.dat
-
$0/LocalServiceNetworkRestricted.dat
-
$0/LocalSettingsFile.cfx
-
$0/LocalSettingsFolder.cfx
-
$0/LocalSystemNetworkRestricted.dat
-
$0/MDWht.dat
-
$0/MZChanged.dat
-
$0/MoveIt.bat
-
$0/MpsSvc.dat
-
$0/ND_.bat
-
$0/ND_64.bat
-
$0/NT-OS.cmd
-
$0/NetworkService.dat
-
$0/NirCmd.3XE
Headers
Sections
-
$0/NirCmd.chm
-
$0/NirCmdC.3XE
Headers
Sections
-
$0/NirScript.dat
-
$0/OSid.vbs
-
$0/P.cmd
-
$0/PV.3XE
8839be4e39be293b659bfa988210ebfa
Headers
Imports
Sections
-
$0/PersonalFile.cfx
-
$0/PersonalFolder.cfx
-
$0/Policies.dat
-
$0/Prep.inf
-
$0/ProfilesFile.cfx
-
$0/ProfilesFolder.cfx
-
$0/ProgramsFile.cfx
-
$0/ProgramsFolder.cfx
-
$0/Purity.dat
-
$0/RCLink.dat
-
$0/REGDACL.sed
-
$0/RNullFix64.3XE
1eb9071ddd5c2fb5179069f43f4aed99
Headers
Imports
Sections
-
$0/RegDo.sed
-
$0/RegScan.cmd
-
$0/RegScan64.cmd
-
$0/Rkey.cmd
-
$0/Rust.str
-
$0/SRestore.cmd
-
$0/Safeboot.def.w7.dat
-
$0/Safeboot.def.w8.dat
-
$0/SetEnvmt.bat
-
$0/ShAccess.dat
-
$0/SnapShot.cmd
-
$0/StartMenuFile.cfx
-
$0/StartMenuFolder.cfx
-
$0/StartUpFile.cfx
-
$0/SuppScan.cmd
-
$0/SvcDrv.vbs
-
$0/TemplatesFile.cfx
-
$0/TemplatesFolder.cfx
-
$0/UndoW7_XP.dat
-
$0/Update-CF.cmd
-
$0/VBR.pif
-
vbr_2049.dat
-
vbr_2050.dat
-
vbr_2051.dat
-
vbr_2052.dat
-
vbr_2053.dat
-
vbr_2054.dat
-
vbr_2055.dat
-
vbr_2056.dat
-
vbr_2057.dat
-
vbr_2058.dat
-
vbr_2059.dat
-
vbr_2060.dat
-
vbr_2061.dat
-
vbr_2062.dat
-
vbr_2063.dat
-
vbr_64.dat
-
vbr_65.dat
-
vbr_66.dat
-
vbr_67.dat
-
vbr_68.dat
-
vbr_69.dat
-
vbr_70.dat
-
vbr_71.dat
-
vbr_72.dat
-
vbr_73.dat
-
vbr_74.dat
-
vbr_75.dat
-
vbr_76.dat
-
vbr_77.dat
-
vbr_78.dat
-
$0/VINFO3
-
$0/VInfo
-
$0/VInfo2
-
$0/Vipev.dat
-
$0/VwinTemp.dacl
-
$0/Wmi_rem.vbs
-
$0/XPSBoot.reg
-
$0/appinit.bad
-
$0/asp.str
-
$0/av.cmd
-
$0/av.vbs
-
$0/badclsid.c
-
$0/c.bat
-
$0/catchme.3XE
Headers
Sections
-
$0/clsid.c
-
$0/dd.3XE
64d9aef39f523506361ff18b89009f8e
Headers
Imports
Sections
-
$0/ddsDo.sed
-
$0/dumphive.3XE
Headers
Sections
-
$0/embedded.sed
-
$0/extract.3XE
8e25b5eb3246f3f49ae2691af0c048a9
Headers
Imports
Sections
-
$0/ffdefstr.dll
-
$0/ffext.pif
-
$0/files.pif
-
$0/firefox.exe
Headers
Sections
-
$0/fl0.bat
-
$0/grep.3XE
c97b49126e50ac1ce7b74b693d30c071
Headers
Imports
Sections
-
$0/gsar.3XE
1e717a96b171e93af08d308d792e2988
Headers
Imports
Sections
-
$0/handle.3XE
Headers
Sections
-
$0/hidec.3XE
0b9ca80ff295945b3cf5762a07ef3d50
Headers
Imports
Sections
-
$0/history.bat
-
$0/hwid.pif
-
$0/iexplore.exe
Headers
Sections
-
$0/image001.gif
-
$0/iphlpsvc.vista.dat
-
$0/iphlpsvc.w7.dat
-
$0/iphlpsvc.w8.dat
-
$0/katch.cmd
-
$0/lnkread.vbs
-
$0/mbr.3XE
Headers
Sections
-
$0/mbr.chk
-
$0/md5sum.pif
-
$0/md5sum00.pif
-
$0/mtee.3XE
82221724921e808aa6400fa8d9c34ee4
Headers
Imports
Sections
-
$0/ncmd.com
-
$0/ndis_combofix.dat
-
$0/netsvc.bad.dat
-
$0/netsvc.dat
-
$0/netsvc.vista.dat
-
$0/netsvc.xp.dat
-
$0/nir.pif
Headers
Sections
-
$0/pausep.3XE
Headers
Sections
-
$0/pev.3XE
09d0478591d4f788cb3e5ea416c25237
Headers
Imports
Sections
-
$0/pevb.3XE
09d0478591d4f788cb3e5ea416c25237
Headers
Imports
Sections
-
$0/powp.dat
-
$0/pv.com
8839be4e39be293b659bfa988210ebfa
Headers
Imports
Sections
-
$0/region.dat
-
$0/restore_pt.vbs
-
$0/rmbr.3XE
Headers
Sections
-
$0/rogues.dat
-
$0/run2.sed
-
$0/s0rt.3XE
9653f3d648c148b092db8db2f905dab5
Headers
Imports
Sections
-
$0/safeboot.dat
-
$0/safeboot.def.dat
-
$0/safeboot.def.vista.dat
-
$0/sed.3XE
1cee480ebd694271852212fe8916758c
Headers
Imports
Sections
-
$0/setpath.3XE
Headers
Sections
-
$0/sqlite3.3XE
e2828d93bbf52eabeed9f6b346576534
Headers
Imports
Sections
-
$0/srizbi.md5
-
$0/svc_wht.dat
-
$0/svchost.dat
-
$0/svchost.vista.dat
-
$0/svchost.vista.x64.dat
-
$0/svchost.w7.dat
-
$0/svchost.w7.x64.dat
-
$0/svchost.w8.dat
-
$0/svchost.w8.x64.dat
-
$0/swreg.3XE
Headers
Sections
-
$0/swsc.3XE
Headers
Sections
-
$0/swxcacls.3XE
Headers
Sections
-
$0/system_ini.dat
-
$0/tail.3XE
c64fd2e23cff0a336f8eb4a43944d4d4
Headers
Imports
Sections
-
$0/toolbar.sed
-
$0/vistaMcode.dat
-
$0/vistareg.dat
-
$0/vun.dat
-
$0/w7Mcode.dat
-
$0/w7reg.dat
-
$0/w8reg.dat
-
$0/xpmcode.dat
-
$0/xpreg.dat
-
$0/zDomain.dat
-
$0/zhsvc.dat
-
$0/zip.3XE
96d53cbe726033acccdb834558b71d97
Headers
Imports
Sections
-
$PLUGINSDIR/Banner.dll
f81377f1c55b7962f1e18d52fc7eb628
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/ExecCmd.dll
bf44c9fb48bb8c36b3e2527e7252350d
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/System.dll
8c8a576201f68de1a3f26fc723b9f30f
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/UserInfo.dll
cce05dea98cbac3a9d486b233588f528
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/nsExec.dll
6b7d154c806f1e47db325229c300c6df
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/nsProcess.dll
a49b0342971aa199fc6349725b90146d
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/nsisdl.dll
35098e8775f91723e90a28745ef6495b
Headers
Imports
Exports
Sections
-
out.upx
Headers
Sections