General

  • Target

    a20992e6831aa6bba1aa63b609418221_JaffaCakes118

  • Size

    6.4MB

  • MD5

    a20992e6831aa6bba1aa63b609418221

  • SHA1

    706155d776ffcaf889712411f0c887f031a98f90

  • SHA256

    2d9330760711c47f4d4187dfe2811b6868f81d4173b088a89535c5379e759e3d

  • SHA512

    f3cc6456804bb40392eb041755dd798f56f32cec1b89ea03c4f8716cebce7d366bc4f541dd3321a97c64c299169223b7fd967a17ac29ceec49130b9d807bb239

  • SSDEEP

    196608:ovZvbPjZc2JrrHkKTvqFU3CKiWTli2hHHH5lNGUhLVkglfgLu:8PjG2VHkKTv3TiWTliMn5lNJF

Score
4/10

Signatures

  • HTTP links in PDF interactive object (1 IoC)

    Detects HTTP links in interactive objects within PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (20 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (4 IoCs)

Files

  • a20992e6831aa6bba1aa63b609418221_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    9b6b6a7858e17fb0b17e1c1428330343

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • Manual_RU.pdf
    .pdf
    • http://ip2cidr.com/

  • QtCore4.dll
    .dll windows:4 windows x86 arch:x86

    ae4ae0defdb017c681bbc45b17779196

  • QtGui4.dll
    .dll windows:4 windows x86 arch:x86

    bcb364cd8ed1eff9751cc50cd4061059

  • QtNetwork4.dll
    .dll windows:4 windows x86 arch:x86

    0302353f1dee0a6e8f78a67e9d7fc316

  • QtSql4.dll
    .dll windows:4 windows x86 arch:x86

    cb1f5d63ef9c1bbaa149ec333ad7cec9

  • avistfw.exe
    .exe windows:4 windows x86 arch:x86

    594732610b1a410b5ce32d1864653792

  • etc/afw-server/bin/3proxy.exe
    .exe windows:4 windows x86 arch:x86

    a1beb1b3f5af3d8816a3c2eaee5a1e76

  • etc/afw-server/bin/PCREPlugin.dll
    .dll windows:4 windows x86 arch:x86

    927f93568fa9337f0d03dce32397f721

  • etc/afw-server/bin/StringsPlugin.dll
    .dll windows:4 windows x86 arch:x86

    af27f8630a1ed4291941c0cfcd196a6e

  • etc/afw-server/bin/TrafficPlugin.dll
    .dll windows:4 windows x86 arch:x86

    0b93c4ade4233ed58878ebb6072ffdaa

  • etc/afw-server/bin/WindowsAuthentication.dll
    .dll windows:4 windows x86 arch:x86

    e03bdd1998d92d56b569992045e9eb14

  • etc/afw-server/bin/countersutil.exe
    .exe windows:4 windows x86 arch:x86

    c00f169032f7d9e9fc5953c23db29843

  • etc/afw-server/bin/dighosts.exe
    .exe windows:4 windows x86 arch:x86

    de2444828b8fda0f2072e3d0cd43a6a8

  • etc/afw-server/bin/mycrypt.exe
    .exe windows:4 windows x86 arch:x86

    2dcbc36e1de884d24da48a008515a5a0

  • etc/afw-server/bin/rus-koi8-r.3ps
  • etc/afw-server/bin/rus-win1251.3ps
  • mingwm10.dll
    .dll windows:4 windows x86 arch:x86

    2870205e38265f891e17ab096ac00cf1

  • plugins/proxyplugin.dll
    .dll windows:4 windows x86 arch:x86

    6b246d44870f77914a1de0ecb654c7e2

  • plugins/sqldrivers/qsqlite4.dll
    .dll windows:4 windows x86 arch:x86

    b01cc8110a81e3d149756acdb819918e

  • translations/ProxyPlugin_ru.qm
  • translations/avistfw_ru.qm
  • translations/avistfw_ru.qm=
  • translations/platform_ru.qm
  • translations/qt_ar.qm
  • translations/qt_de.qm
  • translations/qt_es.qm
  • translations/qt_fr.qm
  • translations/qt_iw.qm
  • translations/qt_ja_jp.qm
  • translations/qt_pl.qm
  • translations/qt_pt.qm
  • translations/qt_ru.qm
  • translations/qt_sk.qm
  • translations/qt_sv.qm
  • translations/qt_uk.qm
  • translations/qt_zh_CN.qm
  • translations/qt_zh_TW.qm
  • uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e