Overview

overview

7

Static

static

3

6699a3134c...18.exe

windows7-x64

7

6699a3134c...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SYSDIR/ANSMTP.dll

windows7-x64

1

$SYSDIR/ANSMTP.dll

windows10-2004-x64

1

$SYSDIR/ASYCFILT.dll

windows7-x64

1

$SYSDIR/ASYCFILT.dll

windows10-2004-x64

1

$SYSDIR/CMDLGCHT.dll

windows7-x64

1

$SYSDIR/CMDLGCHT.dll

windows10-2004-x64

1

$SYSDIR/COMCAT.dll

windows7-x64

1

$SYSDIR/COMCAT.dll

windows10-2004-x64

1

$SYSDIR/COMDLG32.dll

windows7-x64

1

$SYSDIR/COMDLG32.dll

windows10-2004-x64

1

$SYSDIR/DAO350.dll

windows7-x64

1

$SYSDIR/DAO350.dll

windows10-2004-x64

1

$SYSDIR/DBGRDCHT.dll

windows7-x64

1

$SYSDIR/DBGRDCHT.dll

windows10-2004-x64

1

$SYSDIR/DBGRID32.dll

windows7-x64

1

$SYSDIR/DBGRID32.dll

windows10-2004-x64

1

$SYSDIR/EXPSRV.dll

windows7-x64

1

$SYSDIR/EXPSRV.dll

windows10-2004-x64

1

$SYSDIR/FTP.dll

windows7-x64

1

$SYSDIR/FTP.dll

windows10-2004-x64

1

$SYSDIR/FTP.dll

windows7-x64

1

$SYSDIR/FTP.dll

windows10-2004-x64

1

$SYSDIR/Flash10b.dll

windows7-x64

1

$SYSDIR/Flash10b.dll

windows10-2004-x64

1

$SYSDIR/InetCHT.dll

windows7-x64

1

$SYSDIR/InetCHT.dll

windows10-2004-x64

1

$SYSDIR/MSADODC.dll

windows7-x64

1

$SYSDIR/MSADODC.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Errors

Reason
office: invalid record header

General

  • Target

    6699a3134cebb3da32a878c7ede3f10d_JaffaCakes118

  • Size

    5.3MB

  • MD5

    6699a3134cebb3da32a878c7ede3f10d

  • SHA1

    711c348ab4b1b20d16ee02bcb6e88c63f160febf

  • SHA256

    b20dec24deb811abf1f601802ddce98db524f11f02f238edb475a9291318218f

  • SHA512

    d1a1657ae5c31d4ef427e45b861684fb3f0e0d1ca9cb659e265f6522b783d861c2791c7636b4f146b14b8f6cc6f33f1842cba88dd62124ccc627e76f7395e638

  • SSDEEP

    98304:w3BGJBoaq4XGPL7Dn76hdqxxnEXWJnf1WmWz/PR8oSJtX61ixF:wxGJiarGPL76qcXWJ0XRqv6Y

Score
3/10

Malware Config

Signatures

  • Unsigned PE 41 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 6699a3134cebb3da32a878c7ede3f10d_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    237a51742fed62d237b6f1b75452402f


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $SYSDIR/ANSMTP.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    fb89e3b21f3a75f7c01a3f0414abe8d6


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/ASYCFILT.DLL
    .dll windows:4 windows x86 arch:x86

    390ef37875e351d87137c1d1bddb9a0a


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/CMDLGCHT.DLL
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/COMCAT.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86

    5316dd1ba7417f578451f902c4b4f845


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/COMDLG32.OCX
    .dll regsvr32 windows:4 windows x86 arch:x86

    988f29c1eb8054253091352741683c76


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/DAO350.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86

    d249124e9bb3cd7ad1eff43913414080


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/DBGRDCHT.DLL
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/DBGRID32.OCX
    .dll regsvr32 windows:4 windows x86 arch:x86

    6a64e5b2d788fc5ccfe5529f5f992734


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/EXPSRV.DLL
    .dll windows:4 windows x86 arch:x86

    548d9bb3cc3953486c58d739eb336b48


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/FTP.oca
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/FTP.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86

    2845f0be062686fdb60c8573c30176c0


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/Flash10b.oca
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/InetCHT.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/MSADODC.OCX
    .dll regsvr32 windows:4 windows x86 arch:x86

    8e793d5ee63851225d4d05cc91524988


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSCMCCHT.DLL
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/MSCOMCTL.OCX
    .dll regsvr32 windows:4 windows x86 arch:x86

    50ccb1d881ea89a41a10cced45c79649


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSDATGRD.OCX
    .dll regsvr32 windows:4 windows x86 arch:x86

    876294974e137decb1d3a02e0db7e3b1


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSJET35.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86

    5a8f0c2c86e4873e3c76638a66d64d75


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSJINT35.DLL
    .dll windows:4 windows x86 arch:x86

    8ca2a6bee2fbfbab8621d081d904b4da


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSJTER35.DLL
    .dll windows:4 windows x86 arch:x86

    3bca76fb5ba89dcc243aedc87ac45dff


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSMPICHT.DLL
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/MSRD2X35.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86

    a781de574e0567285ee1233bf6a57cc0


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSREPL35.DLL
    .dll windows:4 windows x86 arch:x86

    23bbd416b06ed5ae477309380d72aabe


    Headers

    Imports

    Sections

  • $SYSDIR/MSSTDFMT.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86

    813db3b6c9a1b45c2a363924917c26d9


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSVBVM60.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86

    a48bc65cb80524393ed5ceb59b94e776


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSVCRT40.DLL
    .dll windows:4 windows x86 arch:x86

    57259dcda30c27e977785c33a8441434


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/MSWINSCK.OCX
    .dll regsvr32 windows:4 windows x86 arch:x86

    cb0275eec9ac31b6d4d44320e576fadb


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/Msinet.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86

    96286284ff8e040938ba779778d1542e


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/OLEAUT32.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86

    354f0e4993e3e3b9ed42e25935d15ead


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/OLEPRO32.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86

    f5ccf8bf224eb9ec83fbb805c335d308


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/Play_FLV.DLL
  • $SYSDIR/SHELLLNK.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86

    0301b7ebf2bccb3797a459b49a3fa0fb


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/TABCTCHT.DLL
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/TabCtl32.OCX
    .dll regsvr32 windows:4 windows x86 arch:x86

    aa8b0ec5b7d56e08d6614ae243221096


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/VB5DB.DLL
    .dll windows:4 windows x86 arch:x86

    2824fcddda9a05ec563c0e7037537798


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/VB6CHT.DLL
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/VB6STKIT.DLL
    .dll windows:4 windows x86 arch:x86

    9f4b76d42cbc350286ec870347345155


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/VBAJET32.DLL
    .dll windows:4 windows x86 arch:x86

    8e4cca56f88f6d206aa5a20cdaf1a0c8


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/WINSKCHT.DLL
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $SYSDIR/msado20.tlb
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • ALLMAIL.TXT
  • BIRDHDAY.PX3
  • CutNet.ini
  • CutNet2.ini
  • Cutmail.exe
    .exe windows:4 windows x86 arch:x86

    00728c41941e4d7e1319c0818012c262


    Headers

    Imports

    Sections

  • DELLIST.TXT
  • DM1.HTM
    .html
  • EMAIL1.TXT
  • INSTALL.INI
  • LOVE.PX3
  • NEWYEAR.PX3
  • PX3.INI
  • Play_FLV.DLL
  • Play_FLV.exe
    .exe windows:4 windows x86 arch:x86

    d6a3ad92eda32bfad9df2bb134ba05c9


    Headers

    Imports

    Sections

  • Px3-db.exe
    .exe windows:4 windows x86 arch:x86

    c5162d6d7b22141b3c72c13ee71b9d8f


    Headers

    Imports

    Sections

  • Px3.exe
    .exe windows:4 windows x86 arch:x86

    460b5df901f5e2d7adbff62177ee5f32


    Headers

    Imports

    Sections

  • REACH.ICO
  • Readme.pdf
  • USER.HTM
    .html
  • XMAS.PX3
  • commercial1.px3
  • commercial10.px3
    .html
  • commercial11.px3
  • commercial12.px3
    .html
  • commercial13.px3
    .html
  • commercial14.px3
    .html
  • commercial15.px3
    .html
  • commercial16.px3
  • commercial17.px3
    .html
  • commercial18.px3
    .html
  • commercial19.px3
  • commercial2.px3
    .js
  • commercial20.px3
    .html
  • commercial21.px3
    .html
  • commercial22.px3
    .js
  • commercial23.px3
    .js
  • commercial24.px3
    .html
  • commercial25.px3
    .html
  • commercial26.px3
    .html
  • commercial27.px3
    .html
  • commercial28.px3
    .html
  • commercial29.px3
    .html
  • commercial3.px3
    .html
  • commercial30.px3
    .js
  • commercial31.px3
    .html
  • commercial32.px3
    .html
  • commercial33.px3
    .html
  • commercial34.px3
    .html
  • commercial35.px3
    .html
  • commercial36.px3
    .html
  • commercial37.px3
    .html
  • commercial38.px3
    .html
  • commercial39.px3
    .html
  • commercial4.px3
  • commercial40.px3
    .html
  • commercial5.px3
  • commercial6.px3
  • commercial7.px3
  • commercial8.px3
    .html
  • commercial9.px3
    .html
  • cuthelp.htm
    .html
  • cutnet-help.htm
    .html
  • cutnet.exe
    .exe windows:4 windows x86 arch:x86

    461d95bb5cef7409cd1ddc988ad53327


    Headers

    Imports

    Sections

  • cutnet10.gif
    .gif
  • cutnet11.gif
    .gif
  • key_job.dat
    .html
  • key_job2.dat
    .html
  • local.ini
  • logo.ico
  • patch.exe
    .exe windows:4 windows x86 arch:x86

    cf268c659f855e08e4e1c06cd6c3838c


    Headers

    Imports

    Sections

  • patch.ini
  • pithtree.lum
    .js
  • px3help.htm
    .html
  • sample-1.mdb
  • sample-2.xls
    .xls windows office2003
  • temp1.dat
  • temp2.dat
    .html .js polyglot
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    237a51742fed62d237b6f1b75452402f


    Headers

    Imports

    Sections