General

  • Target

    618bb42170eab6d594d42544812de5ff_JaffaCakes118

  • Size

    637KB

  • MD5

    618bb42170eab6d594d42544812de5ff

  • SHA1

    5bbcef46ec35c28fffe01339f259bd06bb0674d2

  • SHA256

    273dee1738adc599a0fd8f6f6e8a6ab4ed29f1e679dfb24adc7afb2f39d8cab2

  • SHA512

    3d2bb35c9e6b188c42eb8b713f60b6afb3f5e37096f2457fdc5c62ef908aa367dadbdcb567f2373ae277cd901970f8eb62a4c814bce915cebf3a30ee68f223d6

  • SSDEEP

    12288:UbeSAn7kxGRKBv2KqUP5GnKpv8e/3hL0ILTTSuXQEWRf3CDROkq8sq:8AooRZKq9sh5NFDLq8sq

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Unsigned PE 10 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs

Files

  • 618bb42170eab6d594d42544812de5ff_JaffaCakes118
    .rar
  • wdfwsetup-v4.8.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    295fc8c35dee88b924b0f6bafc807c6c

  • $PLUGINSDIR/install.vbs
    .vbs
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc

  • $PLUGINSDIR/setacl.exe
    .exe windows:4 windows x86 arch:x86

    0f7e6c07e76cced0f3eb0265ffe314fd

  • $PLUGINSDIR/vd.vbs
    .vbs
  • Uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    295fc8c35dee88b924b0f6bafc807c6c

  • $PLUGINSDIR/install.vbs
    .vbs
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc

  • $PLUGINSDIR/vd.vbs
    .vbs
  • script.txt
  • sdk/SDKӿ˵.txt
  • web/about.asp
  • web/anticc.asp
    .vbs
  • web/apply.asp
    .vbs
  • web/bottom.asp
    .html
  • web/config.asp
    .vbs
  • web/dirlist.asp
    .vbs
  • web/disableproxy.asp
    .vbs
  • web/findscript.asp
    .vbs
  • web/function.asp
    .vbs
  • web/global.asp
    .vbs
  • web/httpfilter.asp
    .vbs
  • web/iisguard.asp
    .vbs
  • web/index.asp
    .vbs
  • web/iplist.asp
    .vbs
  • web/linkprotect.asp
    .vbs
  • web/logout.asp
  • web/main.asp
  • web/md5.asp
    .vbs
  • web/menu.asp
  • web/start.asp
    .vbs
  • web/status.asp
    .vbs
  • web/stop.asp
    .vbs
  • web/threadlimit.asp
    .vbs
  • web/top.asp
    .html
  • web/trustscript.asp
    .vbs
  • web/weidun.png
    .png
  • weidun.dll
    .dll windows:4 windows x86 arch:x86

  • weidun.exe
    .exe windows:4 windows x86 arch:x86

    0f5d651b46bc9046596cdbb98e873328

  • weidun.ini
  • weidun.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86

    ca8765891c6ce21c9bf91ef84032da9f

  • װָ.txt
  • Ѱ˵.txt
  • ҵ˵.txt
  • IIS.bat
  • 新云软件.url
    .url