General

  • Target

    b0f54d6bcdb7d4649ed8a928b018b4a4_JaffaCakes118

  • Size

    6.0MB

  • MD5

    b0f54d6bcdb7d4649ed8a928b018b4a4

  • SHA1

    6f498f7e9bf20e56463e1ed7f33ef1a2ac77f95d

  • SHA256

    c4e0171de578e6997063e58f3a8eacacdb48b154b0fd083f00b007d3f4eab979

  • SHA512

    6a4766dca52cb62219f76c6422e71812aa60df5e136f6ee24556b8cb0207a0a1d9c08832b3977b28f3d59ab43f5751c7d5da50fd9e0eefecbecdbe125f09166a

  • SSDEEP

    98304:QXBY8KDphorQ5dUAaDUrA5RHYpt22SfRxUmdQ93XbeH5YWJdu7pNH7Eccb+n3+u:sY8KthUK9A5R4nyXK9HbeuG+pNH7+Zu

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • b0f54d6bcdb7d4649ed8a928b018b4a4_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e



  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012



  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $SYSDIR/tskill.exe
    .exe windows:5 windows x86 arch:x86

    ead04e37eebc34f4b490f34105609310



  • $TEMP/nsisos.dll
    .dll windows:1 windows x86 arch:x86

    a70233c77fd258ec47709388c2338273



  • bin/_engineb.exe
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86



  • bin/cat.exe
    .exe windows:4 windows x86 arch:x86

    13dbe739b427c703b24f3d7396f351d7



  • error.wav
  • finish.wav
  • media-converters.exe
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86



  • profile-fvcs
  • uninst.exe.nsis