Overview

overview

7

Static

static

7

851d799d03...18.exe

windows7-x64

7

851d799d03...18.exe

windows10-2004-x64

7

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$_0_/TeamViewer_.exe

windows7-x64

7

$_0_/TeamViewer_.exe

windows10-2004-x64

7

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    851d799d03770d19dd6a1fae3cd88edb_JaffaCakes118

  • Size

    3.7MB

  • MD5

    851d799d03770d19dd6a1fae3cd88edb

  • SHA1

    7b02d336b2d2fec7a539de6692dcfefa87b97900

  • SHA256

    d5784677e770644867af7936797de885bfabbbeab2c6393750f949d772ffb818

  • SHA512

    b401f328dd4ea56ac13cd85dc4a8372b9e645a0f5f900c9efd955848aae013415ec9d4fcedd8999334c679d17fdc33cfc20bd517c34a9a17fb92ff05ef309e14

  • SSDEEP

    49152:b3K/vY2eaiAO2p3GjBb1aY9W8bhFA7G5Y4ScPr022zkh+6kkcg2IFwSoQ+TFRGYV:bsxi/m+hr5Y8xuaR2SwSjafTWFZbKNce

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 17 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 851d799d03770d19dd6a1fae3cd88edb_JaffaCakes118
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $PLUGINSDIR/TvGetVersion.dll
    .dll windows:4 windows x86 arch:x86

    7f27fb2f8604769e3f1416e79e2b660f


    Headers

    Imports

    Exports

    Sections

  • $_0_/TeamViewer_.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $PLUGINSDIR/Base64.dll
    .dll windows:4 windows x86 arch:x86

    71822a6591db32058c3984a70d90133c


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/FindProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    8df26927f8978d4eb40ff179c0aa961b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    153027ec3b10bcea606b777657dd3402


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    9b6b6a7858e17fb0b17e1c1428330343


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Lizenz_TeamViewer_DE.txt
  • $PLUGINSDIR/Lizenz_TeamViewer_EN.txt
  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86

    a648aeaa164b592c1e8892a10400b5ae


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/TvGetVersion.dll
    .dll windows:4 windows x86 arch:x86

    7f27fb2f8604769e3f1416e79e2b660f


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:4 windows x86 arch:x86

    2274cc1534607459cdd304a928601ef9


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    afa8e526425f3585465337467d0b5909


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/environment.ini
  • $PLUGINSDIR/host.ini
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/license.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsis7z.dll
    .dll windows:4 windows x86 arch:x86

    b22ed27c346f001ed1b4410c1073cfa9


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsisFirewall.dll
    .dll windows:4 windows x86 arch:x86

    1a4c99175e8891c64634680f4f238d51


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/security.ini
  • $PLUGINSDIR/start.ini
  • $PLUGINSDIR/vpn.ini
  • $PLUGINSDIR/wincheck.ini
  • $TEMP/TeamViewer/Version7/tvfiles.7z
    .7z
  • CopyRights_DE.txt
  • CopyRights_EN.txt
  • Lizenz_TeamViewer_DE.txt
  • Lizenz_TeamViewer_DE_unicode.txt
  • Lizenz_TeamViewer_EN.txt
  • Lizenz_TeamViewer_EN_unicode.txt
  • TeamViewer.exe
    .exe windows:5 windows x86 arch:x86

    d152133ff49486eac3fba1d38d12f408


    Code Sign

    Headers

    Imports

    Sections

  • TeamViewer_Desktop.exe
    .exe windows:5 windows x86 arch:x86

    57fea4bb000f4a90b9136662eabef29c


    Code Sign

    Headers

    Imports

    Sections

  • TeamViewer_Resource_de.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_en.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Service.exe
    .exe windows:5 windows x86 arch:x86

    796a6d8f54e4491fe2853e76154206de


    Code Sign

    Headers

    Imports

    Sections

  • TeamViewer_StaticRes.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • tv_w32.dll
    .dll windows:4 windows x86 arch:x86

    48bc548dee47ec9937bc576b5f80f141


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tv_w32.exe
    .exe windows:4 windows x86 arch:x86

    96165bea0fa56de797fd7a05c47d1281


    Code Sign

    Headers

    Imports

    Sections

  • tv_x64.dll
    .dll windows:4 windows x64 arch:x64

    15de394ce395ad3c498a55c8974d231c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tv_x64.exe
    .exe windows:4 windows x64 arch:x64

    0d36820926b37bb61129616939b68b31


    Code Sign

    Headers

    Imports

    Sections

  • w2k/TeamViewerVPN.inf
  • w2k/teamviewervpn.sys
    .sys windows:5 windows x86 arch:x86

    8ec9ec9840080f4331c34221e283917c


    Code Sign

    Headers

    Imports

    Sections

  • x64/TVMonitor.inf
  • x64/TVMonitor.sys
    .sys windows:6 windows x64 arch:x64

    f24b69173de020aa0ac1739d7b40e04c


    Code Sign

    Headers

    Imports

    Sections

  • x64/TeamViewerVPN.inf
  • x64/teamviewervpn.cat
  • x64/teamviewervpn.sys
    .sys windows:6 windows x64 arch:x64

    cd6e6e3dfb3a87a73c76cb5d3cdda140


    Code Sign

    Headers

    Imports

    Sections

  • x64/tvmonitor.cat
  • x86/TVMonitor.inf
  • x86/TVMonitor.sys
    .sys windows:6 windows x86 arch:x86

    bc06eb1dad5e8285411e580cdee99e10


    Code Sign

    Headers

    Imports

    Sections

  • x86/TeamViewerVPN.inf
  • x86/teamviewervpn.cat
  • x86/teamviewervpn.sys
    .sys windows:6 windows x86 arch:x86

    952b9ef5a3d8fb9c2ae05f06bb0e783c


    Headers

    Imports

    Sections

  • x86/tvmonitor.cat
  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • uninstall.exe.nsis
  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections