Overview

overview

7

Static

static

3

9688bb6a74...18.exe

windows7-x64

7

9688bb6a74...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

6

$PLUGINSDI...2k.sys

windows7-x64

1

$PLUGINSDI...2k.sys

windows10-2004-x64

1

$PLUGINSDI...xp.sys

windows7-x64

1

$PLUGINSDI...xp.sys

windows10-2004-x64

1

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

FileAssocupdate.exe

windows7-x64

3

FileAssocupdate.exe

windows10-2004-x64

3

PhotoViewer.exe

windows7-x64

6

PhotoViewer.exe

windows10-2004-x64

7

UploadShell.dll

windows7-x64

3

UploadShell.dll

windows10-2004-x64

3

update.exe

windows7-x64

3

update.exe

windows10-2004-x64

3

wiaaut.dll

windows7-x64

3

wiaaut.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9688bb6a74c2e90aa15aefbd4f9b17c5_JaffaCakes118

  • Size

    877KB

  • MD5

    9688bb6a74c2e90aa15aefbd4f9b17c5

  • SHA1

    207587a2001f61b92667809508ffdac1c21c1a5c

  • SHA256

    97a25ea43fa48e08ab17db9de5466241b2349fee4b1d3e3ebafcd99d68b4dfb1

  • SHA512

    38498c78e3e26bb70618b35f3b3bb727c811e37ee3f5bb2fdf6977cd2ba355799ba0669685b4386e4aff866edd79a55621243969dada2b08c24aa1662b1d6ae6

  • SSDEEP

    12288:VFzWdoOccY/OkHSdzUzyj6GXebsBKFmQV7uWO28QlogQOfzwKVfqaY1lidUM:VFzcoONSOygzO8KkomboPQOczxl0

Score
3/10

Malware Config

Signatures

  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 1 IoCs
    installer

Files

  • 9688bb6a74c2e90aa15aefbd4f9b17c5_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    b2a0d9368ec1be7deb968a920e5c993e


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/driver.exe
    .exe windows:4 windows x86 arch:x86

    67d358789fa6d1e6811d2250f3d2baae


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/ghost_win2k.sys
    .sys windows:5 windows x86 arch:x86

    7ed52853e80dcee3d4c55bf0d2b7f547


    Headers

    Imports

    Sections

  • $PLUGINSDIR/ghost_winxp.sys
    .sys windows:5 windows x86 arch:x86

    333544fecb376ba97aba4b7c9140909e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsisFirewall.dll
    .dll windows:4 windows x86 arch:x86

    668ee366fb5b7f916e44ba8830cd1caf


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/poco_plugins.dll
    .dll windows:4 windows x86 arch:x86

    04b366a6e4b8ef46b08a3c61848c729b


    Headers

    Imports

    Exports

    Sections

  • FileAssocupdate.exe
    .exe windows:4 windows x86 arch:x86

    2c9c8ce2f71b5fb382305ebcfb7d9e11


    Code Sign

    Headers

    Imports

    Sections

  • FileExt.inf
  • PhotoViewer.exe
    .exe windows:4 windows x86 arch:x86

    d6c49b0b5e2d4542350dd7de4fcec1ae


    Code Sign

    Headers

    Imports

    Sections

  • PhotoViewerܽ.txt
  • Uninstall.exe.nsis
  • UploadShell.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    d9a3a3561641897dfdf15fc9fd5eaf38


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • update.exe
    .exe windows:4 windows x86 arch:x86

    78189dd0df726438a5e2d9d459e546a6


    Code Sign

    Headers

    Imports

    Sections

  • watermark/pocoͼƬ.png
    .png
  • wiaaut.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    c4d5288cc0f629fc5c7869b66bfe2953


    Code Sign

    Headers

    Imports

    Exports

    Sections