General

  • Target

    5f043c59cedf831f236e5c9af7ea411f_JaffaCakes118

  • Size

    1.2MB

  • MD5

    5f043c59cedf831f236e5c9af7ea411f

  • SHA1

    8606d3ce5912f34f94912493c5dfcb2c7be38bd4

  • SHA256

    9db58c390a3a5804690bd2d09e85d541c0cafe5e4002bd10295c89783a9d7347

  • SHA512

    bb9786efa572e8e11c8ef1d503983f87980bded670ac217a5107dab187b6bca4c48d7002e6f6687f46cc40adcdd37045c66971b39b05fa9d578407d4b6cc27ae

  • SSDEEP

    24576:X34+o32N5O6CUhOj7lo+LHGsgWfabuPc0PF4f9oyetxCoG66aRIwR:X95NtzklbLLf5U0Pif93oyq

Score
4/10

Malware Config

Signatures

  • HTTP links in PDF interactive object (1 IoC)

    Detects HTTP links in interactive objects within PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (10 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • 5f043c59cedf831f236e5c9af7ea411f_JaffaCakes118
    .rar
  • AxCrypt-Setup-1.6.4.1.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    946eb0a1e85c9ade4acaf634eb5a64f1


  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a


  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86

    7868cd55f358bfb360f9eb8ce1512ca0


  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62


  • $PLUGINSDIR/UAC.dll
    .dll windows:4 windows x86 arch:x86

    0c24267a193680d66774bba8dbc65cc0


  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/ionotify.ini
  • $PLUGINSDIR/iopcheck.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $SYSDIR/psapitmp.dll
    .dll windows:4 windows x86 arch:x86

    3b5b4bad881057af15fc35648ebcf206


  • $_5_/AxCrypt.exe
    .exe windows:4 windows x86 arch:x86

    67ea90c72e33b5b775636de5c6b13d15


  • $_5_/AxCrypt.ico
  • $_5_/AxDecrypt.exe
    .exe windows:4 windows x86 arch:x86

    16e843c79b47fd9bd9337b580344171d


  • $_5_/Config.xml
  • $_5_/Messages.dll
    .dll windows:4 windows x86 arch:x86


  • $_5_/Notify.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    946eb0a1e85c9ade4acaf634eb5a64f1


  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a


  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/ionotify.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $_5_/ShellExt.dll
    .dll windows:4 windows x86 arch:x86

    84b0058deaf49d70a94d1ec4f8919e62


  • $_5_/Sigs.xml
  • AxCrypt-Manual.pdf
    .pdf
    • http://axcrypt.sourceforge.net/

    • http://sourceforge.net/projects/axcrypt

    • http://sourceforge.net/projects/axcrypten-US

    • http://www.axantum.com/

  • AxCryptU.exe.nsis
  • ChangeLog.txt
  • GNU General Public License.txt
  • ReadMe.html
    .html
  • RelNotes.txt
  • axcrypt.css
  • etc/AxCrypt-DisableTryBrokenFile.reg
  • etc/AxCrypt-EnableTryBrokenFile.reg
  • etc/AxCrypt-English.reg
  • etc/AxCrypt-HideAxxExtension.reg
  • etc/AxCrypt-ShellExtensions-Approved.reg
  • etc/AxCrypt-ShowAxxExtension.reg
  • etc/AxCrypt-Svenska.reg
  • etc/Passwords.txt
  • etc/Passwords.xls
    .xls windows office2003
  • 新云软件.url
    .url