Overview

overview

7

Static

static

7

2f416b7a58...18.exe

windows7-x64

7

2f416b7a58...18.exe

windows10-2004-x64

7

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

ChnCharInfo.dll

windows7-x64

1

ChnCharInfo.dll

windows10-2004-x64

1

DevCompone...r2.dll

windows7-x64

1

DevCompone...r2.dll

windows10-2004-x64

1

Interop.MSXML2.dll

windows7-x64

1

Interop.MSXML2.dll

windows10-2004-x64

1

Interop.SHDocVw.dll

windows7-x64

1

Interop.SHDocVw.dll

windows10-2004-x64

1

IrisSkin2.dll

windows7-x64

1

IrisSkin2.dll

windows10-2004-x64

1

bdyxw.dll

windows7-x64

7

bdyxw.dll

windows10-2004-x64

7

edithtm/index.html

windows7-x64

1

edithtm/index.html

windows10-2004-x64

1

edithtm/kindeditor.js

windows7-x64

3

edithtm/kindeditor.js

windows10-2004-x64

3

edithtm/pl...h.html

windows7-x64

1

edithtm/pl...h.html

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f416b7a58deefb212e5c07fe73139dd_JaffaCakes118

  • Size

    2.7MB

  • MD5

    2f416b7a58deefb212e5c07fe73139dd

  • SHA1

    bd8d4f6d8d6e12f08376ba547215d30834ff91ca

  • SHA256

    13e8616673a37715f239a90c459060f3388b577bef7e58f20f50295a0f9e703c

  • SHA512

    7f76f706e8a0b96053a31e75ffdc9749304ec41ccd05513f739420032a52d09a485602dfa10d29e9e143ea5b3a83c5090469845764986dd598c9f5927126344d

  • SSDEEP

    49152:gh+rY6QBxj3stByLy1JmzOkXQmdJr3CeI4qY/OciLq26EhIE0f9eIleHOKAGXxB7:b4ytMmJmzTgmP3n1q2PYz6II1oKaOP0L

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Unsigned PE 20 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • 2f416b7a58deefb212e5c07fe73139dd_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/Base64.dll
    .dll windows:4 windows x86 arch:x86

    1ba6926a1ee4e4cda118768081f528d5


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/BrandingURL.dll
    .dll windows:4 windows x86 arch:x86

    135de77644e2add2fd9dd8176740e7e0


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/blowfish.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    3f1149a3053980fe6b461521d2b55a2c


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • ChnCharInfo.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • DevComponents.DotNetBar2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Interop.MSXML2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Interop.SHDocVw.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • IrisSkin2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Skin.ssk
  • bdyxw.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • data/account.mdb
  • data/config.ini
  • data/history.xml
  • data/keyword.txt
  • data/keyword2.txt
  • data/link.txt
  • data/login.ini
  • data/superlink.txt
  • data/synonyms.txt
  • data/tieba.xml
  • edithtm/26.png
    .png
  • edithtm/Thumbs.db
  • edithtm/index.html
    .js
  • edithtm/kindeditor.js
    .js
  • edithtm/logo.ico
  • edithtm/plugins/emoticons/etc_01.gif
    .gif
  • edithtm/plugins/emoticons/etc_02.gif
    .gif
  • edithtm/plugins/emoticons/etc_03.gif
    .gif
  • edithtm/plugins/emoticons/etc_04.gif
    .gif
  • edithtm/plugins/emoticons/etc_05.gif
    .gif
  • edithtm/plugins/emoticons/etc_06.gif
    .gif
  • edithtm/plugins/emoticons/etc_07.gif
    .gif
  • edithtm/plugins/emoticons/etc_08.gif
    .gif
  • edithtm/plugins/emoticons/etc_09.gif
    .gif
  • edithtm/plugins/emoticons/etc_10.gif
    .gif
  • edithtm/plugins/emoticons/etc_11.gif
    .gif
  • edithtm/plugins/emoticons/etc_12.gif
    .gif
  • edithtm/plugins/emoticons/etc_13.gif
    .gif
  • edithtm/plugins/emoticons/etc_14.gif
    .gif
  • edithtm/plugins/emoticons/etc_15.gif
    .gif
  • edithtm/plugins/emoticons/etc_16.gif
    .gif
  • edithtm/plugins/emoticons/etc_17.gif
    .gif
  • edithtm/plugins/emoticons/etc_18.gif
    .gif
  • edithtm/plugins/emoticons/etc_19.gif
    .gif
  • edithtm/plugins/emoticons/etc_20.gif
    .gif
  • edithtm/plugins/emoticons/etc_21.gif
    .gif
  • edithtm/plugins/emoticons/etc_22.gif
    .gif
  • edithtm/plugins/emoticons/etc_23.gif
    .gif
  • edithtm/plugins/emoticons/etc_24.gif
    .gif
  • edithtm/plugins/emoticons/etc_25.gif
    .gif
  • edithtm/plugins/emoticons/etc_26.gif
    .gif
  • edithtm/plugins/emoticons/etc_27.gif
    .gif
  • edithtm/plugins/emoticons/etc_28.gif
    .gif
  • edithtm/plugins/emoticons/etc_29.gif
    .gif
  • edithtm/plugins/emoticons/etc_30.gif
    .gif
  • edithtm/plugins/emoticons/etc_31.gif
    .gif
  • edithtm/plugins/emoticons/etc_32.gif
    .gif
  • edithtm/plugins/emoticons/etc_33.gif
    .gif
  • edithtm/plugins/emoticons/etc_34.gif
    .gif
  • edithtm/plugins/emoticons/etc_35.gif
    .gif
  • edithtm/plugins/emoticons/etc_36.gif
    .gif
  • edithtm/plugins/flash.html
    .html
  • edithtm/plugins/image.html
    .html
  • edithtm/plugins/link.html
    .html
  • edithtm/plugins/media.html
    .html
  • edithtm/plugins/plainpaste.html
    .html
  • edithtm/plugins/remote_image.html
    .html
  • edithtm/plugins/wordpaste.html
    .html .js polyglot
  • edithtm/skins/Thumbs.db
  • edithtm/skins/default.css
  • edithtm/skins/default.gif
    .gif
  • edithtm/skins/div.gif
    .gif
  • edithtm/skins/dl.gif
    .gif
  • edithtm/skins/editor.css
  • edithtm/skins/ol.gif
    .gif
  • edithtm/skins/p.gif
    .gif
  • edithtm/skins/tinymce.css
  • edithtm/skins/tinymce.gif
    .gif
  • edithtm/skins/ul.gif
    .gif
  • httphelper.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • msxml2.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    fd3e97d1a321f0144f165f7ba65a857f


    Headers

    Imports

    Exports

    Sections

  • myms.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • skin/Thumbs.db
  • skin/daifa.gif
    .gif
  • skin/nodaifa.gif
    .gif
  • skin/recycle.gif
    .gif
  • skin/reload.gif
    .gif
  • skin/send.gif
    .gif
  • skin/send1.gif
    .gif
  • skin/send1.png
    .png
  • skin/send2.png
    .png
  • skin/write.gif
    .gif
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • update.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • ʹЭ.txt
  • ٶȲɼ.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • ٶӪ.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • /1688ŮͼƬɼ.txt
  • /sina.txt
  • ߸.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections