General

  • Target

    241ee876ddc57f89db307427fb259320_JaffaCakes118

  • Size

    2.0MB

  • MD5

    241ee876ddc57f89db307427fb259320

  • SHA1

    38ed915ac6b33f1453d60512b1ff359fca2db3dd

  • SHA256

    52ec4c4a65c48db4affdf02df13257f76ccc9dcdb9b4d85e1c80bee94d4bc860

  • SHA512

    d6dff93a6bd512d52c17b5d36830c1f1deba553ec43bb22549ef3d5e7610f50275a331e50ed7c31ec6b9d0dba4c8c1ccaffee7382fcca7b38e05205525591c04

  • SSDEEP

    49152:3uKJK/s8mXm5psV5WOvptxxbR+eqHCPUuWf8kDDZwYQjWoG:e8Xm/sLDRtbRLqicU0D2W1

Score
7/10

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Unsigned PE 7 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 241ee876ddc57f89db307427fb259320_JaffaCakes118
    .rar
  • Tvkingfree.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/ExecDos.dll
    .dll windows:4 windows x86 arch:x86

    2dfc6a992d004b736e85c64219a88b4a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $SYSDIR/drivers/etc/hosts
  • PPSteam/PSNetwork.dll
    .dll windows:4 windows x86 arch:x86

    260926e96600b6973ab6bd65155e536a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • PPSteam/PowerList.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86

    e4197e66afe241c7aa26e2bdac468c14


    Headers

    Imports

    Exports

    Sections

  • PPSteam/PowerPlayer.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    f9bad84bd0708d6b2a19823294cb2090


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • PPSteam/pp2play.dll
    .dll windows:4 windows x86 arch:x86

    b4342e0c3831cddde2421170f2967eb3


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • PPSteam/vodnet.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    1608bae5534c917be4fa08ef589ad991


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • PPSteam/vodres.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    378ef620bb56e320a4ff7002af4c8fb0


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Readme.txt
  • Regdll.cmd
  • Sitehosts.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • Tvking2007.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • style.ssk
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • 新云软件.url
    .url