General

  • Target

    7361ef8270f5d3abb2a384a689eb66b3_JaffaCakes118

  • Size

    3.4MB

  • MD5

    7361ef8270f5d3abb2a384a689eb66b3

  • SHA1

    aa4acdc8d8597e786444b5f4c62425b47379012c

  • SHA256

    5fdb85d8cc5bd0bf41fe1fafe668c5a5d734c4de80f609aabf76ab9729d0f064

  • SHA512

    57ba5c9ce61680fe3e100475d2458f8eb5533524de1766218d0585cd0191e0ca6dd9a8622b8f278191b73528c35de1a5376e6cc01b3a155802483e4a2be6540d

  • SSDEEP

    49152:qXnKE9U0UFmKhpNWS+jc+7UjNih+L7KdG/0P9NgZrBjubxx9tZNaePsX8jnmlpua:qaZ0kRZHL7KUcP9+ZrE7TZLnjn0Qa

Score
3/10

Malware Config

Signatures

  • Unsigned PE (18 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)
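
Both signatures above are simple static checks. As an added example (not part of this report and not the sandbox's own code), the Python below reimplements them: it walks the PE headers to the security data directory, which is where an embedded Authenticode WIN_CERTIFICATE is referenced (by raw file offset, not RVA), and it scans for the NSIS first-header magic and stub string. The sample PE images are constructed inline and are not real executables; the "signature" blob is a zeroed placeholder, so the test exercises presence and placement only, not validity. The $PLUGINSDIR/ entries under Files (InstallOptions.dll, UserInfo.dll, nsExec.dll, modern-wizard.bmp) are the standard NSIS Modern UI plugin set an NSIS installer extracts at run time, which is consistent with the NSIS installer signature.

```python
import struct

# Index of the Authenticode (security) entry in the PE data directory table.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4

# NSIS "first header" magic (0xDEADBEEF little-endian followed by
# "NullsoftInst") and the string carried by the NSIS stub itself.
NSIS_MARKERS = (b"\xEF\xBE\xAD\xDENullsoftInst", b"Nullsoft.NSIS.exehead")


def parse_pe(data: bytes):
    """Return {'magic': ..., 'security': (file_offset, size) or None},
    or None if the bytes are not a well-formed PE image."""
    try:
        if data[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4
        size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
        opt = coff + 20
        magic = struct.unpack_from("<H", data, opt)[0]
        # Data directories start at +96 (PE32) or +112 (PE32+); the count
        # (NumberOfRvaAndSizes) sits in the 4 bytes just before them.
        if magic == 0x10B:
            dirs = opt + 96
        elif magic == 0x20B:
            dirs = opt + 112
        else:
            return None
        count = struct.unpack_from("<I", data, dirs - 4)[0]
        entry = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        if count <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
            return {"magic": magic, "security": None}
        # Unlike every other directory, this entry is a raw file offset.
        return {"magic": magic, "security": struct.unpack_from("<II", data, entry)}
    except struct.error:
        return None


def analyze(data: bytes) -> dict:
    """Reproduce the two report signatures: 'unsigned PE' (no security
    directory, or one that does not fit inside the file) and 'NSIS installer'."""
    pe = parse_pe(data)
    if pe is None:
        return {"is_pe": False, "unsigned_pe": False, "nsis_installer": False}
    sec = pe["security"]
    # Only count a signature as present when the directory is non-empty and
    # the WIN_CERTIFICATE blob it points to actually lies within the file.
    signed = sec is not None and sec[1] > 0 and sec[0] + sec[1] <= len(data)
    return {
        "is_pe": True,
        "unsigned_pe": not signed,
        "nsis_installer": any(marker in data for marker in NSIS_MARKERS),
    }


def build_sample_pe(signed: bool, nsis: bool) -> bytes:
    """Constructed minimal PE32 header (not a runnable executable) used as
    test input. The 'signature' is a zeroed placeholder, not a real
    WIN_CERTIFICATE, so only presence and placement are exercised."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE header at 0x40
    # COFF header: i386, 0 sections, 224-byte optional header, EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    if nsis:
        image += NSIS_MARKERS[0]
    if signed:
        blob = bytes(64)
        entry = 0x40 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        struct.pack_into("<II", image, entry, len(image), len(blob))
        image += blob
    return bytes(image)


if __name__ == "__main__":
    for label, sample in (("unsigned NSIS stub", build_sample_pe(False, True)),
                          ("signed, not NSIS", build_sample_pe(True, False))):
        print(label, analyze(sample))
```

"Unsigned" here means no embedded signature. A present security directory still has to be verified (Authenticode hash against the image, certificate chain, timestamp) with a tool such as signtool or osslsigncode before it counts for anything. The converse caveat also matters when reading this report: Windows system files are usually catalog-signed and carry no embedded signature, so a bundled PSAPI.DLL being flagged as an unsigned PE is not by itself evidence of tampering.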

Files

  • 7361ef8270f5d3abb2a384a689eb66b3_JaffaCakes118
    .rar
  • 冰盾8.2安装程序.exe (BingDun 8.2 installer)
    .exe windows:4 windows x86 arch:x86

    1776ef176e821fae67f5fb6eb56cce45

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    1f17b0b6882d6afd1cf8c1e07e5acc0b

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    0a429a757fe850cda370ca04651f8539

  • BdFwSvc.exe
    .exe windows:4 windows x86 arch:x86

    fdbfec85672f73d2a4d49635454936d4

  • PSAPI.DLL
    .dll windows:4 windows x86 arch:x86

    3b5b4bad881057af15fc35648ebcf206

  • SysConf.dat
  • Uninstall.exe
    .exe windows:4 windows x86 arch:x86

    1776ef176e821fae67f5fb6eb56cce45

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    1f17b0b6882d6afd1cf8c1e07e5acc0b

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    0a429a757fe850cda370ca04651f8539

  • bdfw.exe
    .exe windows:4 windows x86 arch:x86

    fdbfec85672f73d2a4d49635454936d4

  • bin/efwinstall.exe
    .exe windows:5 windows x86 arch:x86

    42333f0c9a25e176038c934a8d62661e

  • config/unicode.map
  • driver/2k/bdwrap2k.inf
  • driver/2k/bdwrap2k_m.inf
  • driver/2k/enetfilt2k.sys
    .sys windows:5 windows x86 arch:x86

    f45440b92c92d461d027c85373e2e6fd

  • driver/xp/bdwrap.inf
  • driver/xp/bdwrap_m.inf
  • driver/xp/enetfilt.sys
    .sys windows:5 windows x86 arch:x86

    850bf775059535252def33df3fb7619d

  • easydb.dll
    .dll windows:4 windows x86 arch:x86

    65238d542ed63889203e85026185205d

  • lang/BdFwChs.dll
    .dll windows:4 windows x86 arch:x86

  • libcurl.dll
    .dll windows:4 windows x86 arch:x86

    80f4d520a8db2b21744b76b5ea02b06b

  • readme.txt
  • 冰盾8.2破解补丁.exe (BingDun 8.2 crack patch)
    .exe windows:4 windows x86 arch:x86

    87b324a67e18fb2e1d12308b06fa8d4f

  • 安装说明.txt (installation instructions)
  • 说明.url (readme shortcut)
    .url