Overview

overview

7

Static

static

3

PhotoViewer.exe

windows7-x64

7

PhotoViewer.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

6

$PLUGINSDI...2k.sys

windows7-x64

1

$PLUGINSDI...2k.sys

windows10-2004-x64

1

$PLUGINSDI...xp.sys

windows7-x64

1

$PLUGINSDI...xp.sys

windows10-2004-x64

1

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

FileAssocupdate.exe

windows7-x64

3

FileAssocupdate.exe

windows10-2004-x64

3

PhotoViewer.exe

windows7-x64

4

PhotoViewer.exe

windows10-2004-x64

7

UploadShell.dll

windows7-x64

3

UploadShell.dll

windows10-2004-x64

3

update.exe

windows7-x64

3

update.exe

windows10-2004-x64

3

wiaaut.dll

windows7-x64

3

wiaaut.dll

windows10-2004-x64

3

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    78293c18a2f1ff0ce0b1723518323a16_JaffaCakes118

  • Size

    845KB

  • MD5

    78293c18a2f1ff0ce0b1723518323a16

  • SHA1

    46f050a0d183a8d0e6dccda42de93ade7ae44e29

  • SHA256

    6d6f3e85e85e39e42d3aad73da391bb07a53b3e96accee7ceff7115fb35fe2be

  • SHA512

    eb800f1b3e75b7258e9387cf6d011dedf4dbe07e8d8c825d4f232a63d409318d81a9d4a1d9e5f91e9fadc31a17264ba0622f711c423325e464626de36b9f9d4c

  • SSDEEP

    24576:jLijjl5KsokTDCixLp6jsdcHm7+2tpCbHf2df7xwmOw:jyjl58aDPLp5GHl2/Cb/afCmZ

Score
3/10

Malware Config

Signatures

  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 1 IoCs
    installer

Files

  • 78293c18a2f1ff0ce0b1723518323a16_JaffaCakes118
    .rar
  • PhotoViewer.exe
    .exe windows:4 windows x86 arch:x86

    b2a0d9368ec1be7deb968a920e5c993e


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/driver.exe
    .exe windows:4 windows x86 arch:x86

    67d358789fa6d1e6811d2250f3d2baae


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/ghost_win2k.sys
    .sys windows:5 windows x86 arch:x86

    7ed52853e80dcee3d4c55bf0d2b7f547


    Headers

    Imports

    Sections

  • $PLUGINSDIR/ghost_winxp.sys
    .sys windows:5 windows x86 arch:x86

    333544fecb376ba97aba4b7c9140909e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsisFirewall.dll
    .dll windows:4 windows x86 arch:x86

    668ee366fb5b7f916e44ba8830cd1caf


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/poco_plugins.dll
    .dll windows:4 windows x86 arch:x86

    04b366a6e4b8ef46b08a3c61848c729b


    Headers

    Imports

    Exports

    Sections

  • FileAssocupdate.exe
    .exe windows:4 windows x86 arch:x86

    07d22d1d235e782b700778d1b5905ac6


    Code Sign

    Headers

    Imports

    Sections

  • FileExt.inf
  • PhotoViewer.exe
    .exe windows:4 windows x86 arch:x86

    ba865df6d9587e616d010eed7572109d


    Code Sign

    Headers

    Imports

    Sections

  • PhotoViewerܽ.txt
  • Uninstall.exe.nsis
  • UploadShell.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    d9a3a3561641897dfdf15fc9fd5eaf38


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • update.exe
    .exe windows:4 windows x86 arch:x86

    78189dd0df726438a5e2d9d459e546a6


    Code Sign

    Headers

    Imports

    Sections

  • watermark/pocoͼƬ.png
    .png
  • wiaaut.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    c4d5288cc0f629fc5c7869b66bfe2953


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • 新云软件.url
    .url