Overview

overview

7

Static

static

7

83caf0f1ae...18.exe

windows7-x64

7

83caf0f1ae...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$SYSDIR/cu...16.dll

windows7-x64

3

$SYSDIR/cu...16.dll

windows10-2004-x64

3

$SYSDIR/tmbvcm32.dll

windows7-x64

3

$SYSDIR/tmbvcm32.dll

windows10-2004-x64

3

$SYSDIR/tmbvcm64.dll

windows7-x64

1

$SYSDIR/tmbvcm64.dll

windows10-2004-x64

1

PlayClaw.exe

windows7-x64

7

PlayClaw.exe

windows10-2004-x64

7

WinRing0.dll

windows7-x64

3

WinRing0.dll

windows10-2004-x64

3

WinRing0.sys

windows7-x64

1

WinRing0.sys

windows10-2004-x64

1

WinRing0x64.sys

windows7-x64

1

WinRing0x64.sys

windows10-2004-x64

1

playclawhook.dll

windows7-x64

3

playclawhook.dll

windows10-2004-x64

3

tmbvcm32.dll

windows7-x64

3

tmbvcm32.dll

windows10-2004-x64

3

tmbvcm64.dll

windows7-x64

1

tmbvcm64.dll

windows10-2004-x64

1

ts3plugins...aw.dll

windows7-x64

3

ts3plugins...aw.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    83caf0f1ae780040eb274dfe701225fc_JaffaCakes118

  • Size

    3.3MB

  • MD5

    83caf0f1ae780040eb274dfe701225fc

  • SHA1

    5d44b668afb071aed068914f62d621debb4639de

  • SHA256

    de39831451c309af46db431ae51924566eb45c5298990286e02403d8bbe6c6d6

  • SHA512

    fac1b310330e36d137f2dd0dfe4dcb6eeea25402b701413aa39a9e56e511cf012ef483da015b9e146c8f0eea8ef7395e106f3a75de4b54dd063b38f0f7b25e31

  • SSDEEP

    98304:iZCqh3MoGOYBKQwbatY/Itjtskyo6+57cwPU53:iZBhMzOoKlb8y8s8B54wPy

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 16 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • 83caf0f1ae780040eb274dfe701225fc_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/NSIS_Helper.dll
    .dll windows:5 windows x86 arch:x86

    739c1f86e455ad7da58402ac604ee673


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86

    a648aeaa164b592c1e8892a10400b5ae


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/cudart32_32_16.dll
    .dll windows:5 windows x86 arch:x86

    3e6ca81b0bcaf7ca480b51552c56c07a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/tmbvcm32.dll
    .dll windows:5 windows x86 arch:x86

    27ed950f2140c833e82e1349c670e06b


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/tmbvcm64.dll
    .dll windows:5 windows x64 arch:x64

    2cc0407dfd6eebd9e4a59501855c41af


    Headers

    Imports

    Exports

    Sections

  • PlayClaw.exe
    .exe windows:5 windows x86 arch:x86

    3271e740b41eb8158d074a5a10f8e737


    Headers

    Imports

    Sections

  • WinRing0.dll
    .dll windows:5 windows x86 arch:x86

    8614b546fc4ad3848d15712a0428322c


    Headers

    Imports

    Exports

    Sections

  • WinRing0.sys
    .sys windows:6 windows x86 arch:x86

    7cf815757705e26b809574488ed56d0e


    Code Sign

    Headers

    Imports

    Sections

  • WinRing0_License.txt
  • WinRing0x64.sys
    .sys windows:6 windows x64 arch:x64

    d41fa95d4642dc981f10de36f4dc8cd7


    Code Sign

    Headers

    Imports

    Sections

  • img/tex0.tga
  • lang/Armenian.txt
  • lang/Danish.txt
  • lang/Dutch.txt
  • lang/English.txt
  • lang/Finnish.txt
  • lang/French.txt
  • lang/German.txt
  • lang/Italian.txt
  • lang/Korean.txt
  • lang/Portuguese.txt
  • lang/Russian.txt
  • lang/Spanish.txt
  • license.txt
  • playclawhook.dll
    .dll windows:5 windows x86 arch:x86

    1e6fdaa85c0b0633ec43f4d2e17224be


    Headers

    Imports

    Sections

  • tmbvcm32.dll
    .dll windows:5 windows x86 arch:x86

    27ed950f2140c833e82e1349c670e06b


    Headers

    Imports

    Exports

    Sections

  • tmbvcm64.dll
    .dll windows:5 windows x64 arch:x64

    2cc0407dfd6eebd9e4a59501855c41af


    Headers

    Imports

    Exports

    Sections

  • ts3plugins/ts3playclaw.dll
    .dll windows:5 windows x86 arch:x86

    e55aef0169859a6009db816496775dce


    Headers

    Imports

    Exports

    Sections

  • ts3plugins/ts3playclaw64.dll
    .dll windows:5 windows x64 arch:x64

    5ec949e71c7f02ab046ff6d85ba69767


    Headers

    Imports

    Exports

    Sections

  • uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections