General

  • Target

    764bbeb5ea8e0be6821364e5afddc479_JaffaCakes118

  • Size

    2.8MB

  • MD5

    764bbeb5ea8e0be6821364e5afddc479

  • SHA1

    4332ed509e95d26ef5a9c257f2f16e34ba26d7ca

  • SHA256

    a49902de4712aab280ba54c4974cfb0c77069d7bb414e6b36d09c495d8bc7490

  • SHA512

    157f85f5a5c48ff3e0e93ecb1cb060dcc99b3d5452c5b9669c03b6dd70914fcb6ef18cdad9ddd00c63330e19d53e4a627fb506bddfaefb00d7b571e41eeb1f52

  • SSDEEP

    49152:Sat3S47uufFtj2E1bba+T4LVWUxlYU4ZU2K0KFcFuDXRQyHWurTve/85WQn/aD2K:SMiMuEtNX4tR4b2FeuDXRBHJrT20oiJw

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 764bbeb5ea8e0be6821364e5afddc479_JaffaCakes118
    .rar
  • cvery.com/CRM.ini
  • cvery.com/CRM.pfADTG
  • cvery.com/CRMS_Data.MDF
  • cvery.com/CRMS_Log.LDF
  • cvery.com/Connect.udl
  • cvery.com/Help.pdf
    .pdf
    • http://163.com
    • http://www.2ccc.com/
    • http://www.playicq.com/
  • cvery.com/MDIAPP.EXE
    .exe windows:4 windows x86 arch:x86
  • cvery.com/MainGroup.bmp
  • cvery.com/Source.rar
    .rar
  • 2ccc.com.nfo
  • Areas.dfm
  • Areas.pas
  • BackUp.dfm
  • BackUp.pas
  • Bespeak.dfm
  • Bespeak.pas
  • CRM.ini
  • CRM.pfADTG
  • CallatForm1.dfm
  • CallatForm1.pas
  • ChangePassword.dfm
  • ChangePassword.pas
  • ClientList.dfm
  • ClientList.pas
  • CompressData.dfm
  • CompressData.pas
  • Connect.udl
  • DM.PAS
  • DM.dfm
  • EditArea.dfm
  • EditArea.pas
  • EditBespeak.dfm
  • EditBespeak.pas
  • EditClient.dfm
  • EditClient.pas
  • EditLinkmanForm1.dfm
  • EditLinkmanForm1.pas
  • EditPower.dfm
  • EditPower.pas
  • EditSell.dfm
  • EditSell.pas
  • Editproduct.dfm
  • Editproduct.pas
  • LinkManList.dfm
  • LinkManList.pas
  • Load.dfm
  • Load.pas
  • Log.dfm
  • Log.pas
  • MAIN.PAS
    .js
  • MAIN.dfm
  • MDIAPP.cfg
  • MDIAPP.dpr
  • Muster1.dfm
  • Muster1.pas
  • Option.dfm
  • Option.pas
  • PowerSet.dfm
  • PowerSet.pas
  • ProductForm.dfm
  • ProductForm.pas
  • Rar.exe
    .exe windows:4 windows x86 arch:x86
  • Reserve.dfm
  • Reserve.pas
  • Search.dfm
  • Search.pas
  • SellList.dfm
  • SellList.pas
  • SortForm.dfm
  • SortForm.pas
  • WaitPas1.pas
  • Welcome.dfm
  • Welcome.pas
  • mdiapp.RES
  • progress.dfm
  • progress.pas
  • report.RES
  • 图标125.ico
  • 客户资料.mdb
  • cvery.com/下载说明.htm
    .html .js polyglot
  • cvery.com/客户资料.mdb