Overview

overview

7

Static

static

7

adaa9c6a37...18.exe

windows7-x64

7

adaa9c6a37...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

GdiPlus.dll

windows7-x64

3

GdiPlus.dll

windows10-2004-x64

3

grdes50.dll

windows7-x64

7

grdes50.dll

windows10-2004-x64

7

gregn50.dll

windows7-x64

7

gregn50.dll

windows10-2004-x64

7

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

sqlite3.dll

windows7-x64

3

sqlite3.dll

windows10-2004-x64

3

upcheck.exe

windows7-x64

1

upcheck.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    adaa9c6a3734de803c68b0a58e66c064_JaffaCakes118

  • Size

    5.7MB

  • MD5

    adaa9c6a3734de803c68b0a58e66c064

  • SHA1

    72012008efee589b9fbbd5e6f8ef206bf04d13a2

  • SHA256

    ec179c4b3dbaf9cd54bf4f9a7482d873562f8acfed75c0da9b887e5dd666130b

  • SHA512

    aea5f88c4b3567f243a8ffe9870b87ed012f851bc885ea430f52c129e060dc3f5345b84f9141d898720e0695721b7835d8c5153e7974f1869a779886120f77aa

  • SSDEEP

    98304:7E0/0AyWwcJY8SFcrF3pipEKpA0O3c42fBlRACpiTKT1KhZvgsYz//n3sjgBvbLm:7r/0/cJYg3spE2rz7BlBoG0tG3ncuoBP

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 7 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • adaa9c6a3734de803c68b0a58e66c064_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    b40f29cd171eb54c01b1dd2683c9c26b


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    3fe69ff2de04834c67a82c79fa52ebe2


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • GdiPlus.dll
    .dll windows:6 windows x86 arch:x86

    5c3e3e3c6795c2a59bbb9fb0c591387f


    Headers

    Imports

    Exports

    Sections

  • License.txt
  • common/initialize.wmb
  • common/initialize.ymb
  • common/testprinter.wmb
  • common/testprinterV2.wmb
  • grdes50.dll
    .dll regsvr32 windows:5 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • gregn50.dll
    .dll regsvr32 windows:5 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • inc/config.ini
  • inc/count.ini
  • main.exe
    .exe windows:4 windows x86 arch:x86

    7db033a8208f3ba83aa44ee1f6c4ecc0


    Code Sign

    Headers

    Imports

    Sections

  • sqlite3.dll
    .dll windows:5 windows x86 arch:x86

    fe7c853638edb85de0210927c503c14e


    Headers

    Imports

    Exports

    Sections

  • templet/mb_˳·á´ó½ÖÁ¸Û°Ą̈.wmb
  • templet/mb_˳·á¹ú¼Ê(2012).wmb
  • templet/mb_˳·á¹ú¼Ê(2013).wmb
  • templet/mb_˳·á¹úÄÚ(2012).wmb
  • templet/mb_˳·á¹úÄÚ(2012±³½º).wmb
  • templet/mb_˳·á¹úÄÚ(2012ʵÎï).wmb
  • templet/mb_˳·á¹úÄÚ(2013).wmb
  • templet/mb_˳·á¹úÄÚ(¾É°æ).wmb
  • templet/mb_˳·á¹úÄÚ(¾É°æʵÎï).wmb
  • templet/mb_˳·áÇ©µ¥·µ»¹(2012).wmb
  • templet/mb_˳·áÇ©µ¥·µ»¹(2013).wmb
  • templet/mb_˳·ą́Íå.wmb
  • uninst.exe.nsis
  • upcheck.exe
    .exe windows:4 windows x86 arch:x86

    f280c7dc09b62fb16ad6bf1d165c7dbf


    Code Sign

    Headers

    Imports

    Sections