General

  • Target

    177b58c10b45f5d81fce7ea63559e3db_JaffaCakes118

  • Size

    2.1MB

  • MD5

    177b58c10b45f5d81fce7ea63559e3db

  • SHA1

    d76e1402a2adc5e4cbf3f9a4904eaa685bcecd72

  • SHA256

    155cb36c25c2b65a1cb568a9a843ed702a0e62caceb36f7b740fdec47766536b

  • SHA512

    2726af3d1cd75a50600c736278496c2b7483c32144001322e459ece7f07956d1138f8cfe41a18f8a8d251f6a96cbfff7ae13d30e62cb5dafb499200a052f1286

  • SSDEEP

    49152:dwcsf1pCazJblrrfu0aNvnxkGJ/zr91K+26s6EVEW9uv4IXqcbGy+w:GcaTCazJblPfuHNvKSr91K+AVmFADc6U

Score
7/10
Tags: upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 12 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

    Detects installers built with the Nullsoft Scriptable Install System (NSIS).
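The signatures above are structural checks that can be reproduced from the PE headers alone. The following stdlib-only Python script is an added example, not code from the sandbox or from any vendor, and implements three of them: UPX section names (plus the "UPX!" marker UPX leaves in the header padding), an empty Authenticode security data directory, and the NSIS first-header marker in the overlay. ACProtect is left out because its markers are not shown on this page. The PE images it analyses are constructed inside the script by `build_sample_pe` (a hypothetical helper that emits a minimal, non-executable PE32), not taken from the report.

```python
"""Static triage checks mirroring the report's signatures: UPX packing,
missing Authenticode signature, NSIS installer.  Pure stdlib; the sample
PE images are constructed below and are not real binaries."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4             # data-directory slot of the Authenticode blob
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"    # NSIS "first header" marker in the overlay


def parse_pe(data: bytes):
    """Parse just enough of a PE: returns (sections, data_directories, overlay)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16
    num_sections, opt_size = struct.unpack_from("<H12xH", data, coff + 2)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32
        nrva_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:          # PE32+
        nrva_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, nrva_off)[0]
    dirs = [struct.unpack_from("<II", data, dir_off + 8 * i) for i in range(min(n_dirs, 16))]
    dirs += [(0, 0)] * (16 - len(dirs))     # absent entries count as empty
    sections, end_of_sections = [], 0
    sec_tbl = opt + opt_size
    for i in range(num_sections):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, sec_tbl + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va, "raw": rptr})
        end_of_sections = max(end_of_sections, rptr + rsize)
    return sections, dirs, data[end_of_sections:]     # overlay = bytes after the last section


def triage(data: bytes) -> dict:
    """Apply the three structural checks; each key mirrors a signature in the report."""
    sections, dirs, overlay = parse_pe(data)
    names = [s["name"] for s in sections]
    sec_off, sec_size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY]
    return {
        # UPX names its sections UPX0/UPX1; modified builds may rename them, so also
        # look for the "UPX!" pack header UPX stores in the header padding
        "upx_packed": any(n.startswith("UPX") for n in names) or b"UPX!" in data[:0x1000],
        # an empty security directory means no Authenticode blob is attached at all
        "unsigned_pe": sec_off == 0 or sec_size == 0,
        # NSIS appends its compressed payload after the last section, led by this marker
        "nsis_installer": NSIS_MAGIC in overlay,
    }


def build_sample_pe(section_names, signed=False, nsis=False) -> bytes:
    """Constructed test data: a minimal PE32 image with the given sections (not runnable code)."""
    opt_size, nsec = 224, len(section_names)     # PE32 optional header with 16 data directories
    hdr_end = 0x40 + 4 + 20 + opt_size + 40 * nsec
    raw_off = (hdr_end + 0x1FF) & ~0x1FF           # section data starts on a 512-byte boundary
    body_end = raw_off + 0x200 * nsec
    cert = b""
    if signed:                                     # WIN_CERTIFICATE header + placeholder PKCS#7 bytes
        cert = struct.pack("<IHH", 8 + 32, 0x0200, 0x0002) + b"\xAA" * 32
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)          # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    if signed:                                     # security dir holds a file offset, not an RVA
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, body_end, len(cert))
    out = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # DOS header, e_lfanew=0x40
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102) + bytes(opt)
    for i, name in enumerate(section_names):
        out += struct.pack("<8sIIIIIIHHI", name.encode()[:8], 0x1000, 0x1000 * (i + 1),
                           0x200, raw_off + 0x200 * i, 0, 0, 0, 0, 0x60000020)
    out += b"\0" * (raw_off - len(out)) + b"\x90" * (0x200 * nsec)       # filler section bodies
    out += cert
    if nsis:
        out += NSIS_MAGIC + b"\0" * 16
    return out


if __name__ == "__main__":
    for label, img in [("upx-packed", build_sample_pe(["UPX0", "UPX1", ".rsrc"])),
                       ("nsis", build_sample_pe([".text", ".ndata", ".rsrc"], nsis=True)),
                       ("signed", build_sample_pe([".text"], signed=True))]:
        print(label, triage(img))
```

A non-empty security directory only says that a signature blob is attached; whether it verifies needs a chain check (`signtool verify /pa file.exe`, or PowerShell `Get-AuthenticodeSignature`), so read `unsigned_pe` the way the report's signature does: a missing signature, not a bad one. The imphash values listed under Files come from the import table, which this parser does not walk.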

Files

  • 177b58c10b45f5d81fce7ea63559e3db_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
    imphash: 7fa974366048f9c551ef45714595665e (identical to uninstall.exe below)
    PE details: Headers, Imports, Sections

  • $DOCUMENTS/My Password Recovery/dictionary/Latin-Lowercase.idf
  • $DOCUMENTS/My Password Recovery/dictionary/Latin-Mixedcase.idf
  • $DOCUMENTS/My Password Recovery/dictionary/Latin-Uppercase.idf
  • $DOCUMENTS/My Password Recovery/dictionary/english.idf
  • $DOCUMENTS/My Password Recovery/kblayouts/Belarusian.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Belgian (Comma).klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Belgian Dutch.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Belgian French.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Canadian French (Legacy).klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Canadian French.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Canadian Multilingual Standard.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Danish.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Dutch.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Faeroese.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Finnish.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/French.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Gaelic.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/German (IBM).klc
  • $DOCUMENTS/My Password Recovery/kblayouts/German.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Icelandic.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Irish.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Italian (142).klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Italian.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Latin American.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Norwegian.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Portuguese (Brazilian ABNT).klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Portuguese (Brazilian ABNT2).klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Portuguese.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Russian (Typewriter).klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Russian.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Spanish Variation.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Spanish.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Swedish.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Swiss French.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Swiss German.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/US.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/Ukrainian.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/United Kingdom.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/United States-Dvorak for left hand.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/United States-Dvorak for right hand.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/United States-Dvorak.klc
  • $DOCUMENTS/My Password Recovery/kblayouts/United States-International.klc
  • $DOCUMENTS/My Password Recovery/profiles/Default.ap
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    imphash: b1cd0d78f652ce5fc63f0879371af012
    PE details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86
    imphash: 7868cd55f358bfb360f9eb8ce1512ca0
    PE details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    imphash: 4ec328f99bdd944fc98d8a5cf11f7a62
    PE details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • OfficePassword.dll
    .dll windows:4 windows x86 arch:x86
    PE details: Headers, Exports, Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86
    PE details: Headers, Sections

  • OfficePasswordRecoveryPRO.exe
    .exe windows:4 windows x86 arch:x86
    PE details: Headers, Sections

  • OfficeZip.dll
    .dll windows:4 windows x86 arch:x86
    imphash: ab554f11259517f774fe7382c16e5ad4
    PE details: Headers, Imports, Sections

  • OneNotePassword.dll
    .dll windows:4 windows x86 arch:x86
    PE details: Headers, Exports, Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86
    PE details: Headers, Sections

  • help/[ENG]OfficePasswordRecovery.chm
    .chm
  • uninstall.exe
    .exe windows:4 windows x86 arch:x86
    imphash: 7fa974366048f9c551ef45714595665e (identical to the target executable)
    PE details: Headers, Imports, Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    imphash: 4ec328f99bdd944fc98d8a5cf11f7a62 (identical to the $PLUGINSDIR/System.dll listed above)
    PE details: Headers, Imports, Exports, Sections