Resubmissions

20-07-2024 08:59

240720-kx75yayepb 7

General

  • Target

    5fd786cf865b633a290b8b0148a9c9c6_JaffaCakes118

  • Size

    1.8MB

  • MD5

    5fd786cf865b633a290b8b0148a9c9c6

  • SHA1

    fa65b3ae2cd37a5a5db88f9f11c72eb44088aa7a

  • SHA256

    583fa78512da1c1a4a27b57031140fc5d1c6d320908bd288a435182f20d5bad9

  • SHA512

    c05cc841851ad345de7ef345ac0425c76b492cba7e8fedeee5b16b2a2e4f947aa120ca0f159b0bc8e3fb8cedfbe47e274a63012f1bbc8ed48650da069daeab67

  • SSDEEP

    49152:odzmZI7sBubIqSmT/MLRpEPKPocxt1aruajt:KSBubB90LRDocxWr7

Score: 7/10
Tags: upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 35 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 8 IoCs

Files

  • 5fd786cf865b633a290b8b0148a9c9c6_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e

  • $LOCALAPPDATA/bloson.bmp
  • $LOCALAPPDATA/dealply.bmp
  • $LOCALAPPDATA/facemoods.bmp
  • $LOCALAPPDATA/funmoods.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e

  • $LOCALAPPDATA/Google/Chrome/User Data/default/Local Storage/chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage
  • $PLUGINSDIR/ExtractDLLEx.dll
    .dll windows:4 windows x86 arch:x86

    bab48790663c56c456d63bc3e045f161

  • $PLUGINSDIR/IEFunctions.dll
    .dll windows:5 windows x86 arch:x86

    ae3c20f5897e4e6190276a273c58129b

  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86

    24a4a671f5cc294ce3543d18a1e873cd

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a

  • $PLUGINSDIR/Processes.dll
    .dll windows:5 windows x86 arch:x86

    eaa5f91829171a65db414b9e64ec9548

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b

  • $PLUGINSDIR/Time.dll
    .dll windows:4 windows x86 arch:x86

    2e3a4d1f132aea64d421c1e936bcc407

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    afa8e526425f3585465337467d0b5909

  • $PLUGINSDIR/chrmPref.dll
    .dll windows:5 windows x86 arch:x86

    73560154a4cae5f2674985bd67926ba9

  • $PLUGINSDIR/mt.dll
    .dll windows:5 windows x86 arch:x86

    4b5bae2aede4b4438c292da900ad65e1

  • $PLUGINSDIR/nsisos.dll
    .dll windows:1 windows x86 arch:x86

    a70233c77fd258ec47709388c2338273

  • $_12_/searchplugins/funmoods.xml
  • FM4ffx.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b

  • $PLUGINSDIR/Time.dll
    .dll windows:4 windows x86 arch:x86

    2e3a4d1f132aea64d421c1e936bcc407

  • $PLUGINSDIR/mt.dll
    .dll windows:5 windows x86 arch:x86

    4b5bae2aede4b4438c292da900ad65e1

  • $PLUGINSDIR/nsisos.dll
    .dll windows:1 windows x86 arch:x86

    a70233c77fd258ec47709388c2338273

  • $_12_/extensions/[email protected]/chrome.manifest
  • $_12_/extensions/[email protected]/content/funmoods.css
  • $_12_/extensions/[email protected]/content/funmoods.xul
    .js
  • $_12_/extensions/[email protected]/content/imgs/arwDwn.gif
    .gif
  • $_12_/extensions/[email protected]/content/imgs/flgs/ae.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/bg.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/ch.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/cn.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/cz.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/de.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/eg.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/en.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/es.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/fr.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/gr.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/he.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/il.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/it.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/ja.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/jp.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/nl.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/no.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/pl.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/pt.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/ro.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/ru.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/sa.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/se.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/sv.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/tr.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/ua.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/flgs/us.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/help_16.gif
    .gif
  • $_12_/extensions/[email protected]/content/imgs/home.gif
    .gif
  • $_12_/extensions/[email protected]/content/imgs/logo.png
    .png
  • $_12_/extensions/[email protected]/content/imgs/privecy_16_hot.gif
    .gif
  • $_12_/extensions/[email protected]/content/imgs/tellafriend.gif
    .gif
  • $_12_/extensions/[email protected]/content/loader.xul
    .js .xml polyglot
  • $_12_/extensions/[email protected]/content/mtstart.js
    .js
  • $_12_/extensions/[email protected]/content/tmplt.js
    .js
  • $_12_/extensions/[email protected]/content/uninsthk.js
    .js
  • $_12_/extensions/[email protected]/install.rdf
    .xml
  • $_12_/extensions/staged/[email protected]/[email protected]
  • $_12_/searchplugins/funmoods.xml
  • funmoods.xpi
    .zip
  • META-INF/le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
  • META-INF/le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
  • META-INF/manifest.mf
  • chrome.manifest
  • content/funmoods.css
  • content/funmoods.xul
    .js
  • content/imgs/arwDwn.gif
    .gif
  • content/imgs/flgs/ae.png
    .png
  • content/imgs/flgs/bg.png
    .png
  • content/imgs/flgs/ch.png
    .png
  • content/imgs/flgs/cn.png
    .png
  • content/imgs/flgs/cz.png
    .png
  • content/imgs/flgs/de.png
    .png
  • content/imgs/flgs/eg.png
    .png
  • content/imgs/flgs/en.png
    .png
  • content/imgs/flgs/es.png
    .png
  • content/imgs/flgs/fr.png
    .png
  • content/imgs/flgs/gr.png
    .png
  • content/imgs/flgs/he.png
    .png
  • content/imgs/flgs/il.png
    .png
  • content/imgs/flgs/it.png
    .png
  • content/imgs/flgs/ja.png
    .png
  • content/imgs/flgs/jp.png
    .png
  • content/imgs/flgs/nl.png
    .png
  • content/imgs/flgs/no.png
    .png
  • content/imgs/flgs/pl.png
    .png
  • content/imgs/flgs/pt.png
    .png
  • content/imgs/flgs/ro.png
    .png
  • content/imgs/flgs/ru.png
    .png
  • content/imgs/flgs/sa.png
    .png
  • content/imgs/flgs/se.png
    .png
  • content/imgs/flgs/sv.png
    .png
  • content/imgs/flgs/tr.png
    .png
  • content/imgs/flgs/ua.png
    .png
  • content/imgs/flgs/us.png
    .png
  • content/imgs/help_16.gif
    .gif
  • content/imgs/home.gif
    .gif
  • content/imgs/logo.png
    .png
  • content/imgs/privecy_16_hot.gif
    .gif
  • content/imgs/tellafriend.gif
    .gif
  • content/loader.xul
    .js .xml polyglot
  • content/mtstart.js
    .js
  • content/tmplt.js
    .js
  • content/uninsthk.js
    .js
  • install.rdf
    .xml
  • FM4ie.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e

  • $LOCALAPPDATA/Google/Chrome/User Data/default/Local Storage/chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage
  • $PLUGINSDIR/ExtractDLLEx.dll
    .dll windows:4 windows x86 arch:x86

    bab48790663c56c456d63bc3e045f161

  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86

    24a4a671f5cc294ce3543d18a1e873cd

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a

  • $PLUGINSDIR/Processes.dll
    .dll windows:5 windows x86 arch:x86

    eaa5f91829171a65db414b9e64ec9548

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b

  • $PLUGINSDIR/Time.dll
    .dll windows:4 windows x86 arch:x86

    2e3a4d1f132aea64d421c1e936bcc407

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    afa8e526425f3585465337467d0b5909

  • $PLUGINSDIR/chrmPref.dll
    .dll windows:5 windows x86 arch:x86

    73560154a4cae5f2674985bd67926ba9

  • $PLUGINSDIR/mt.dll
    .dll windows:5 windows x86 arch:x86

    4b5bae2aede4b4438c292da900ad65e1

  • $PLUGINSDIR/nsisos.dll
    .dll windows:1 windows x86 arch:x86

    a70233c77fd258ec47709388c2338273

  • $_12_/searchplugins/funmoods.xml
  • bh/funmoods.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    d47b1e55220a4ab084e05fc6d1d43f73

  • funmoodsApp.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    e35113ee0fd47e29fc8dfce476256148

  • funmoodsEng.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    f557e9fb9f5265548bcf5dc283c79ef2

  • funmoodsOEM.crx
    .zip
  • background.html
    .html .js polyglot
  • dropdown.html
    .html .js polyglot
  • img/128.png
    .png
  • img/16.png
    .png
  • img/32.png
    .png
  • img/48.png
    .png
  • img/64.png
    .png
  • img/ajax-loader.gif
    .gif
  • js/FMLoader.js
    .js
  • js/mtrprt.js
    .js
  • manifest.json
  • style/funmoods_chrome_1.0.1.css
  • funmoodsTlbr.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    ba74bcfef586b29720db3f114112697c

  • funmoodssrv.exe
    .exe windows:5 windows x86 arch:x86

    4adc191a64065fbf77b874c712d735dd

  • uninstall.exe.nsis
  • $LOCALAPPDATA/lateral1.bmp
  • $LOCALAPPDATA/lateral2.bmp
  • $LOCALAPPDATA/lateral3.bmp
  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    9b6b6a7858e17fb0b17e1c1428330343

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b

  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    e886a412cdaf11998a8eeffda508e913

  • $PLUGINSDIR/md5dll.dll
    .dll windows:4 windows x86 arch:x86

  • out.upx
    .dll windows:4 windows x86 arch:x86

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80

  • $PLUGINSDIR/nsRandom.dll
    .dll windows:4 windows x86 arch:x86

  • out.upx
    .dll windows:4 windows x86 arch:x86