General

  • Target

    05ecf28a90347cb92fbd128a974cc769_JaffaCakes118

  • Size

    2.7MB

  • MD5

    05ecf28a90347cb92fbd128a974cc769

  • SHA1

    45d647b898e0c328b87a9303bf615ba5c6402dc1

  • SHA256

    f8aa0a381244516475ea9aa913f7a601545c227affbaf71185f134f9272a3ea2

  • SHA512

    87460f084af8a17784f90350429fed8c279044b6fe583f4b88b02ba5e62717bbc6e33c5f5c62f56f9faff9881ccbcaf60d2984eef3f3077c6d67045b4865aa34

  • SSDEEP

    49152:Ryy9Xysc8fNZAp1QMcVn+eVBis0CUibnnUW98PhX0LH5QxPGDGZ3:R99iscaNc1QMgpL3UibnUW98PxC5QxPP

Score
7/10

Malware Config

Signatures

  • VMProtect packed file (2 IoCs)

    Detects executables packed with VMProtect commercial packer.

  • Unsigned PE (5 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • 05ecf28a90347cb92fbd128a974cc769_JaffaCakes118
    .rar
  • sr_PasswordAngell.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


  • $PLUGINSDIR/FindProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    c480ee4d2a64d4a16edee43fdfe35079


  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    815c88741b87a0210c457b00b57bf9c6


  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc


  • $TEMP/srctstif.exe
    .exe windows:5 windows x86 arch:x86

    bd4e6c27514a0e4a665ec510d0147105


  • PasswordAngell/AngellSafe.log
  • PasswordAngell/IELock.dll
    .dll windows:5 windows x86 arch:x86

    301ab09c6383ce5591197b822be2ec92


  • PasswordAngell/PAHelp.CHM
    .chm
  • PasswordAngell/PasswordAngell.exe
    .exe windows:5 windows x86 arch:x86


  • PasswordAngell/PasswordProtectDll.dll
    .dll windows:5 windows x86 arch:x86

    92f58bf64946146136432e0b25c8bd32


  • PasswordAngell/SoftLeak.dat
  • PasswordAngell/Upgrade.dll
    .dll windows:5 windows x86 arch:x86

    6a4dbb08f64de8d01e314cd48927b5a0


  • PasswordAngell/kbsafemod.dll
    .dll windows:5 windows x86 arch:x86

    55eee1a055fad26c21452874904741e8


  • PasswordAngell/policy
  • PasswordAngell/srctstif.dll
    .dll windows:5 windows x86 arch:x86

    24d2937ffea4db97ef2ce93b1d7e40eb


  • pauninst.exe.nsis
  • 新云软件.url
    .url