Overview

overview

7

Static

static

7

Dreamweave...��.url

windows7-x64

1

Dreamweave...��.url

windows10-2004-x64

1

PE2006_DLL.exe

windows7-x64

7

PE2006_DLL.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$SYSDIR/PE_Admin6.dll

windows7-x64

7

$SYSDIR/PE_Admin6.dll

windows10-2004-x64

7

$SYSDIR/PE...e6.dll

windows7-x64

7

$SYSDIR/PE...e6.dll

windows10-2004-x64

7

$SYSDIR/PE_CRM6.dll

windows7-x64

7

$SYSDIR/PE_CRM6.dll

windows10-2004-x64

7

$SYSDIR/PE...n6.dll

windows7-x64

7

$SYSDIR/PE...n6.dll

windows10-2004-x64

7

$SYSDIR/PE...n6.dll

windows7-x64

7

$SYSDIR/PE...n6.dll

windows10-2004-x64

7

$SYSDIR/PE_EShop6.dll

windows7-x64

7

$SYSDIR/PE_EShop6.dll

windows10-2004-x64

7

$SYSDIR/PE...k6.dll

windows7-x64

7

$SYSDIR/PE...k6.dll

windows10-2004-x64

7

$SYSDIR/PE_House6.dll

windows7-x64

7

$SYSDIR/PE_House6.dll

windows10-2004-x64

7

$SYSDIR/PE_Job6.dll

windows7-x64

7

$SYSDIR/PE_Job6.dll

windows10-2004-x64

7

$SYSDIR/PE_OA6.dll

windows7-x64

7

$SYSDIR/PE_OA6.dll

windows10-2004-x64

7

$SYSDIR/PE_Photo6.dll

windows7-x64

7

$SYSDIR/PE_Photo6.dll

windows10-2004-x64

7

$SYSDIR/PE_Sdms6.dll

windows7-x64

7

$SYSDIR/PE_Sdms6.dll

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    451e2ef2d2a8908d07d616a24a3c353f_JaffaCakes118

  • Size

    16.4MB

  • MD5

    451e2ef2d2a8908d07d616a24a3c353f

  • SHA1

    fbfd297b778b6130a1ba8227c92caa23e457cdb0

  • SHA256

    3825422ca156b7daab7ae3f578f6c429fa72ba87f89a3b6f0acc4e47d5afb2c3

  • SHA512

    de4d60c675da81a198d57907277db9e0102f452e7e1662e34acedf1f42fdcd194330ce2c53e3c1c6ef87673e4b0e0a0085bd8be201e1b2ee96ad059eead8f0a6

  • SSDEEP

    393216:kGK/8sOtHXQCN48FWk7U+v+zSrZBGABEi8:hKBOdQ58pU+vx9YABEi8

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 17 IoCs

    Detects file using ACProtect software.

  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 29 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 3 IoCs
    installer

Files

  • 451e2ef2d2a8908d07d616a24a3c353f_JaffaCakes118
    .rar
  • Dreamweaver标签插件/PE_2006_DW2004.mxp
  • Dreamweaver标签插件/PE_2006_DW8.mxp
  • Dreamweaver标签插件/PE_2006_DWMX.mxp
  • Dreamweaver标签插件/使用说明.mht
    .eml
  • attachment-2
    .gif
  • attachment-3
    .gif
  • attachment-4
    .gif
  • attachment-5
    .gif
  • attachment-6
    .gif
  • attachment-7
    .gif
  • attachment-8
    .gif
  • email-html-1.txt
    .html
  • Dreamweaver标签插件/新云软件.url
    .url
  • PE2006_DLL.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    f835ad7f9363dc017c6826af3baa9002


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/PE_Admin6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/PE_Article6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/PE_CRM6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/PE_Collection6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/PE_Common6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/PE_EShop6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/PE_GuestBook6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_House6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_Job6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_OA6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_Photo6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_Sdms6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_Soft6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_Space6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_Supply6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_Survey6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $SYSDIR/PE_Upload6.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b


    Headers

    Imports

    Sections

  • PowerEasy2006.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b


    Headers

    Imports

    Sections

  • 动易RSS阅读器/PowerEasyRss.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • 动易RSS阅读器/RSS阅读器说明.txt
  • 动易服务指南.doc
    .doc windows office2003
  • 动易系列软件产品最终用户许可协议.doc
    .doc windows office2003
  • 动易系统探针程序/PE_detect.asp
    .asp .vbs polyglot
  • 动易系统探针程序/使用说明.txt
  • 动易通行证/PDO_API统一接口数据同步程序/UserSynchro/Code/client.js
    .js
  • 动易通行证/PDO_API统一接口数据同步程序/UserSynchro/Code/style.css
  • 动易通行证/PDO_API统一接口数据同步程序/UserSynchro/ReadMe.txt
  • 动易通行证/PDO_API统一接口数据同步程序/UserSynchro/UserSynchro.asp
    .vbs
  • 动易通行证/PDO_API统一接口数据同步程序/UserSynchro/index.htm
    .html
  • 动易通行证/PDO统一接口开发规范1.0.doc
    .doc windows office2003
  • 动易通行证/动易通行证使用指南.doc
    .doc windows office2003
  • 升级及转换程序/动易 2005版 To 2006版 数据库升级程序/Update_2006.asp
    .asp .vbs polyglot
  • 升级及转换程序/动易 2005版 To 2006版 数据库升级程序/升级说明.txt
  • 升级及转换程序/动易2006版 数据转换迁移程序/PE2006_DataTrans.asp
    .asp .vbs polyglot
  • 升级及转换程序/动易2006版 数据转换迁移程序/数据转换迁移说明.txt
  • 相关说明/为什么免费提供功能强大的普及版?.url
  • 相关说明/为什么您需要购买商业版?.url
  • 相关说明/产品简介.url
  • 相关说明/关于动易.url
  • 相关说明/功能改进说明.url
  • 相关说明/动易CMS普及版与其他版本有什么区别?.url
  • 相关说明/动易eShop普及版与其他版本有什么区别?.url
  • 相关说明/动易论坛.url
  • 相关说明/动易起航--动易培训中心 首 页.url
  • 相关说明/安装说明.url
  • 相关说明/帮助中心.url