General

  • Target

    0979b3521c15531d425afa633c7037f8_JaffaCakes118

  • Size

    4.6MB

  • MD5

    0979b3521c15531d425afa633c7037f8

  • SHA1

    68a3213a5649c71b4beab097b6a9b6f3e1e3d25a

  • SHA256

    486621bef46924258a3b820e66ad5af766b0efac5c572945a888c519db464c0e

  • SHA512

    77bd7f510c3079971985f4b9c712441c0b3dc0c1c969471fa75b738907250a8f96b48a6c9d0d544077d62e2a7bdb3b23c466b9213dab88a408de81bce3248ef8

  • SSDEEP

    98304:eEX/3FUrZZi/BQAgLCSAsrY8/35IJl9WoQ3mTZpt3QFoHYqz4FIe:eY8Z4/BQLLLPPfi79HQOekte

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 39 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs

Files

  • 0979b3521c15531d425afa633c7037f8_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
    7fa974366048f9c551ef45714595665e
    Headers / Imports / Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    b1cd0d78f652ce5fc63f0879371af012
    Headers / Imports / Exports / Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    2017f2acbdaa42ab3e4adeb8b4c37e7b
    Headers / Imports / Exports / Sections

  • $PLUGINSDIR/iOClean.ini
  • $PLUGINSDIR/ioFVM.ini
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMPImages/fvm.bmp
  • $TEMPImages/ioClean.ini
  • $TEMPImages/ioFVM.ini
  • Acknowledgements.txt
  • DClean.ini
  • ExpShell.dll
    .dll windows:4 windows x86 arch:x86
    281d368a99bbf64f4cbc6373a0477397
    Headers / Imports / Exports / Sections

  • IrisSkin2.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa
    Headers / Imports / Sections

  • Settings.ini
  • Uninst.exe
    .exe windows:4 windows x86 arch:x86
    7fa974366048f9c551ef45714595665e
    Headers / Imports / Sections

  • $PLUGINSDIR/Processes.dll
    .dll windows:4 windows x86 arch:x86
    f5edecae12589e705677a6e272ad0394
    Headers / Imports / Exports / Sections

  • WindowsTotalControl.exe
    .exe windows:4 windows x86 arch:x86
    f34d5f2d4577ed6d9ceec516c1f5a744
    Headers / Imports / Sections

  • WindowsTotalControl.url
  • astd.dcp
    .dll windows:1 windows x86 arch:x86
    Headers / Exports / Sections

  • out.upx
    .dll windows:1 windows x86 arch:x86
    Headers / Sections

  • avs.conf
  • dclean.exe
    .exe windows:1 windows x86 arch:x86
    Headers / Exports / Sections

  • ds.exe
    .exe windows:4 windows x86 arch:x86
    647a88d643462b50eb88074083fd945a
    Headers / Imports / Sections

  • ff.dcp
    .dll windows:4 windows x86 arch:x86
    Headers / Exports / Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86
    Headers / Sections

  • formpos.ini
  • help.chm
    .chm
  • hook.dll
    .dll windows:4 windows x86 arch:x86
    6481ad9aa47e618068a4af31dfedfa6a
    Headers / Imports / Exports / Sections

  • iconv.dll
    .dll windows:4 windows x86 arch:x86
    e7aa0aeef61e4ca89f4b87b602f40e02
    Headers / Imports / Exports / Sections

  • intl.dll
    .dll windows:4 windows x86 arch:x86
    81a8ffed6825b789d0466907286ffebf
    Headers / Imports / Exports / Sections

  • libatk-1.0-0.dll
    .dll windows:4 windows x86 arch:x86
    0ffc12f0ab88c79740c027ef701306f5
    Headers / Imports / Exports / Sections

  • libcairo-2.dll
    .dll windows:4 windows x86 arch:x86
    87631148a44c665480b4fd3c83d33048
    Headers / Imports / Exports / Sections

  • libclamav.dll
    .dll windows:4 windows x86 arch:x86
    27e3785bec37a39a6dcefb360073e136
    Headers / Imports / Exports / Sections

  • libfontconfig-1.dll
    .dll windows:4 windows x86 arch:x86
    1f95dec97a2075d26e447b3f34215944
    Headers / Imports / Exports / Sections

  • libfreetype-6.dll
    .dll windows:4 windows x86 arch:x86
    1ef19d3d71b53bd9362bfbd7adb1a8ff
    Headers / Imports / Exports / Sections

  • libgdk-win32-2.0-0.dll
    .dll windows:4 windows x86 arch:x86
    321662184ee6c9add1a52cfedfb162e9
    Headers / Imports / Exports / Sections

  • libgdk_pixbuf-2.0-0.dll
    .dll windows:4 windows x86 arch:x86
    09f51b007fdf1c35215074599822f365
    Headers / Imports / Exports / Sections

  • libglade-2.0-0.dll
    .dll windows:4 windows x86 arch:x86
    d535c959cafc8b47d67457c2fd672559
    Headers / Imports / Exports / Sections

  • libglib-2.0-0.dll
    .dll windows:4 windows x86 arch:x86
    cb13770c40c35a0e5f0d83beaa0344b2
    Headers / Imports / Exports / Sections

  • libgmodule-2.0-0.dll
    .dll windows:4 windows x86 arch:x86
    ab4f171842a471664b1ff7d4ddd14459
    Headers / Imports / Exports / Sections

  • libgobject-2.0-0.dll
    .dll windows:4 windows x86 arch:x86
    5a7cf76671860b0dac4fc44d39fdb476
    Headers / Imports / Exports / Sections

  • libgthread-2.0-0.dll
    .dll windows:4 windows x86 arch:x86
    55cb5869ea8c506811b4b33614a9972f
    Headers / Imports / Exports / Sections

  • libgtk-win32-2.0-0.dll
    .dll windows:4 windows x86 arch:x86
    90ae1b888faa691c9d93694e3ce72d85
    Headers / Imports / Exports / Sections

  • libpango-1.0-0.dll
    .dll windows:4 windows x86 arch:x86
    e00579e3b2b2d300f8b46f60b948d9d0
    Headers / Imports / Exports / Sections

  • libpangocairo-1.0-0.dll
    .dll windows:4 windows x86 arch:x86
    975ecac1c8adef2d88f02e5535dd091a
    Headers / Imports / Exports / Sections

  • libpangoft2-1.0-0.dll
    .dll windows:4 windows x86 arch:x86
    04c14152c846e893b23a596aa102f6cc
    Headers / Imports / Exports / Sections

  • libpangowin32-1.0-0.dll
    .dll windows:4 windows x86 arch:x86
    886cab89d79c5b7db1aecb0c4a4d3f78
    Headers / Imports / Exports / Sections

  • libpng12.dll
    .dll windows:4 windows x86 arch:x86
    81b58be098ab1577f3b52fa2109c15f7
    Headers / Imports / Exports / Sections

  • libxml2.dll
    .dll windows:4 windows x86 arch:x86
    4dc7f9f9781f01dec5ca3eeae2160c77
    Headers / Imports / Exports / Sections

  • license.txt
  • mru.dcp
    .dll windows:1 windows x86 arch:x86
    Headers / Exports / Sections

  • out.upx
    .dll windows:1 windows x86 arch:x86
    Headers / Sections

  • plug-ins/7zip.dct
  • plug-ins/CutePDFWriter.dct
  • plug-ins/WinImp.dct
  • plug-ins/abilityoffice.dct
  • plug-ins/abiword.dct
  • plug-ins/acdsee.dct
  • plug-ins/acroread45.dct
  • plug-ins/adaware.dct
  • plug-ins/adopagemill2.dct
  • plug-ins/agentnewsreader.dct
  • plug-ins/alcohol120.dct
  • plug-ins/anishop3.dct
  • plug-ins/aoltoolbar.dct
  • plug-ins/avg7.dct
  • plug-ins/axicons4.dct
  • plug-ins/bearshare.dct
  • plug-ins/ccgifanimator.dct
  • plug-ins/checkdisk.dct
  • plug-ins/commondialog.dct
  • plug-ins/cop2001.dct
  • plug-ins/cuteftp40.dct
  • plug-ins/cutehtml.dct
  • plug-ins/diskeeper5.dct
  • plug-ins/divxplayer.dct
  • plug-ins/driveImage6.dct
  • plug-ins/editPad.dct
  • plug-ins/editPlus2.dct
  • plug-ins/flash5.dct
  • plug-ins/flashget.dct
  • plug-ins/fotocanvaslite.dct
  • plug-ins/foxitreader.dct
  • plug-ins/freshdownload.dct
  • plug-ins/goldWave.dct
  • plug-ins/googleearth.dct
  • plug-ins/googletoolbar.dct
  • plug-ins/icq2000ab.dct
  • plug-ins/ieauto.dct
  • plug-ins/innoSetup.dct
  • plug-ins/izarc.dct
  • plug-ins/juno.dct
  • plug-ins/lotussmartsuite.dct
  • plug-ins/macromediadreamweaver40.dct
  • plug-ins/mapnetwork.dct
  • plug-ins/massdown.dct
  • plug-ins/mediaplayerclassic.dct
  • plug-ins/metapad.dct
  • plug-ins/microangelo.dct
  • plug-ins/msantispy.dct
  • plug-ins/msfrontpage.dct
  • plug-ins/msimaging.dct
  • plug-ins/msntoolbar.dct
  • plug-ins/msphotoeditor.dct
  • plug-ins/mspublisher.dct
  • plug-ins/msworks.dct
  • plug-ins/musicmatch.dct
  • plug-ins/nero.dct
  • plug-ins/netants.dct
  • plug-ins/netcaptor.dct
  • plug-ins/netscapetoolbar.dct
  • plug-ins/netzero.dct
  • plug-ins/officexp2000.dct
  • plug-ins/openoffice.dct
  • plug-ins/paintshoppro7.dct
  • plug-ins/pakscape.dct
  • plug-ins/popthis.dct
  • plug-ins/powerarchiver.dct
  • plug-ins/powerdvd.dct
  • plug-ins/powerzip60.dct
  • plug-ins/quicktime.dct
  • plug-ins/realone.dct
  • plug-ins/realplayer.dct
  • plug-ins/regcleaner.dct
  • plug-ins/regeditRecentKey.dct
  • plug-ins/search.dct
  • plug-ins/serifphotoplus.dct
  • plug-ins/setupfactory.dct
  • plug-ins/smartdraw6.dct
  • plug-ins/software602.dct
  • plug-ins/sonique.dct
  • plug-ins/spybotsnd.dct
  • plug-ins/spysweeper.dct
  • plug-ins/spywaredoctor.dct
  • plug-ins/sunsjava.dct
  • plug-ins/swiffplayer.dct
  • plug-ins/swish20.dct
  • plug-ins/theplaye.dct
  • plug-ins/uleadgifanimator.dct
  • plug-ins/webferret.dct
  • plug-ins/winAce.dct
  • plug-ins/winamp.dct
  • plug-ins/windump.dct
  • plug-ins/winlog.dct
  • plug-ins/winrar2x.dct
  • plug-ins/wintemp.dct
  • plug-ins/wperfect.dct
  • plug-ins/xpprefetch.dct
  • plug-ins/yahoo!messenger.dct
  • plug-ins/zonealarm.dct
  • zlib1.dll
    .dll windows:4 windows x86 arch:x86
    7e3560e4dd2deaa398fa039458dd4b4b
    Headers / Imports / Exports / Sections