Overview

overview

7

Static

static

7

858fab63e8...18.exe

windows7-x64

7

858fab63e8...18.exe

windows10-2004-x64

7

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$_0_/TeamViewer_.exe

windows7-x64

7

$_0_/TeamViewer_.exe

windows10-2004-x64

7

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    858fab63e8560c5c2fe426907efffa2a_JaffaCakes118

  • Size

    4.7MB

  • MD5

    858fab63e8560c5c2fe426907efffa2a

  • SHA1

    1bab68578b431a6a5eaf516aa236372d9616eeb7

  • SHA256

    92675414726f2f3f2508797b3041dec91b4c48102a1499f01b64b84523b9d54e

  • SHA512

    c2a32f8e475397e2bc29e5663df9e9db473d3ffb38ccb0c515f5f2cdf9f22412c1b7773bd8148eff0bf7e4eba6a28213975b3740ee2de2283a38ad67c44a0840

  • SSDEEP

    98304:QM1mcQSNkQVhMx5GaILlJR3HQE8077Q1+KUMEzE06BrkYL9J5:QMIJQVhMx52lXQE8QQ1nUMEwZBrkA5

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 16 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 1 IoCs
    installer

Files

  • 858fab63e8560c5c2fe426907efffa2a_JaffaCakes118
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $PLUGINSDIR/TvGetVersion.dll
    .dll windows:4 windows x86 arch:x86

    7f27fb2f8604769e3f1416e79e2b660f


    Headers

    Imports

    Exports

    Sections

  • $_0_/TeamViewer_.exe
    .exe windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $PLUGINSDIR/Base64.dll
    .dll windows:4 windows x86 arch:x86

    ad07268da82afb689855dbfe2dd9f0d2


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/FindProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    e26d7460d0c04056b9226a899477ba4d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:5 windows x86 arch:x86

    cd90e33ffbc335413a25300c682c83df


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    d806a080e21508dd768fa70be247d2ae


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:5 windows x86 arch:x86

    e981c0ab92cb1f191bb5e23392e14796


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Lizenz_TeamViewer_DE_unicode.txt
  • $PLUGINSDIR/Lizenz_TeamViewer_EN_unicode.txt
  • $PLUGINSDIR/StartMenu.dll
    .dll windows:5 windows x86 arch:x86

    b1d9539c7cfd95718179dedb471b482f


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    6c41c5e4d44f55745b925cc4e42b7fab


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/TvGetVersion.dll
    .dll windows:4 windows x86 arch:x86

    909ddef3db5e011235388a7ec5556ac5


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:4 windows x86 arch:x86

    2a2e0e82c0dc9890f9201e8bd8ecbff2


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:5 windows x86 arch:x86

    45d25ca52c312b2254c60dbcb30342d1


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/environment_unicode.ini
  • $PLUGINSDIR/host_unicode.ini
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/license_unicode.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:5 windows x86 arch:x86

    8700d0ebbb41c81ea52718af1ab70a93


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsis7z.dll
    .dll windows:4 windows x86 arch:x86

    9c8bb65ecbb91da1f2ebb6ae7a714ed0


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsisFirewall.dll
    .dll windows:4 windows x86 arch:x86

    18ecfc7436b69f8c13ec22664f9f1857


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/security_unicode.ini
  • $PLUGINSDIR/start_unicode.ini
  • $PLUGINSDIR/vpn_unicode.ini
  • $PLUGINSDIR/wincheck.ini
  • $TEMP/TeamViewer/Version7/tvfiles.7z
    .7z
  • CopyRights_DE.txt
  • CopyRights_EN.txt
  • Lizenz_TeamViewer_DE.txt
  • Lizenz_TeamViewer_DE_unicode.txt
  • Lizenz_TeamViewer_EN.txt
  • Lizenz_TeamViewer_EN_unicode.txt
  • TeamViewer.exe
    .exe windows:5 windows x86 arch:x86

    d152133ff49486eac3fba1d38d12f408


    Code Sign

    Headers

    Imports

    Sections

  • TeamViewer_Desktop.exe
    .exe windows:5 windows x86 arch:x86

    57fea4bb000f4a90b9136662eabef29c


    Code Sign

    Headers

    Imports

    Sections

  • TeamViewer_Resource_ar.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_bg.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_cs.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_da.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_de.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_el.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_en.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_es.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_fi.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_fr.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_he.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_hr.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_hu.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_id.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_it.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_ja.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_ko.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_lt.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_nl.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_no.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_pl.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_pt.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_ro.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_ru.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_sk.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_sr.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_sv.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_th.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_tr.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_uk.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_vi.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_zhCN.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Resource_zhTW.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • TeamViewer_Service.exe
    .exe windows:5 windows x86 arch:x86

    796a6d8f54e4491fe2853e76154206de


    Code Sign

    Headers

    Imports

    Sections

  • TeamViewer_StaticRes.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • tv_w32.dll
    .dll windows:4 windows x86 arch:x86

    48bc548dee47ec9937bc576b5f80f141


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tv_w32.exe
    .exe windows:4 windows x86 arch:x86

    96165bea0fa56de797fd7a05c47d1281


    Code Sign

    Headers

    Imports

    Sections

  • tv_x64.dll
    .dll windows:4 windows x64 arch:x64

    15de394ce395ad3c498a55c8974d231c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tv_x64.exe
    .exe windows:4 windows x64 arch:x64

    0d36820926b37bb61129616939b68b31


    Code Sign

    Headers

    Imports

    Sections

  • w2k/TeamViewerVPN.inf
  • w2k/teamviewervpn.sys
    .sys windows:5 windows x86 arch:x86

    8ec9ec9840080f4331c34221e283917c


    Code Sign

    Headers

    Imports

    Sections

  • x64/TVMonitor.inf
  • x64/TVMonitor.sys
    .sys windows:6 windows x64 arch:x64

    f24b69173de020aa0ac1739d7b40e04c


    Code Sign

    Headers

    Imports

    Sections

  • x64/TeamViewerVPN.inf
  • x64/teamviewervpn.cat
  • x64/teamviewervpn.sys
    .sys windows:6 windows x64 arch:x64

    cd6e6e3dfb3a87a73c76cb5d3cdda140


    Code Sign

    Headers

    Imports

    Sections

  • x64/tvmonitor.cat
  • x86/TVMonitor.inf
  • x86/TVMonitor.sys
    .sys windows:6 windows x86 arch:x86

    bc06eb1dad5e8285411e580cdee99e10


    Code Sign

    Headers

    Imports

    Sections

  • x86/TeamViewerVPN.inf
  • x86/teamviewervpn.cat
  • x86/teamviewervpn.sys
    .sys windows:6 windows x86 arch:x86

    952b9ef5a3d8fb9c2ae05f06bb0e783c


    Headers

    Imports

    Sections

  • x86/tvmonitor.cat
  • uninstall.exe.nsis
  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections