Overview

overview

7

Static

static

3

a59e180ef3...18.exe

windows7-x64

3

a59e180ef3...18.exe

windows10-2004-x64

3

$PLUGINSDI...ng.exe

windows7-x64

3

$PLUGINSDI...ng.exe

windows10-2004-x64

3

$PLUGINSDI...NO.exe

windows7-x64

7

$PLUGINSDI...NO.exe

windows10-2004-x64

7

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

7

$PLUGINSDI...er.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...le.exe

windows7-x64

7

$PLUGINSDI...le.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/zwan...ub.exe

windows7-x64

3

$TEMP/zwan...ub.exe

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

3

$PLUGINSDI...et.exe

windows7-x64

3

$PLUGINSDI...et.exe

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a59e180ef39b54eca51c83d1e3dcd478_JaffaCakes118

  • Size

    4.3MB

  • MD5

    a59e180ef39b54eca51c83d1e3dcd478

  • SHA1

    2bf68ca8ac85aa5a7e1e8fc00a0e7d224a36f4d0

  • SHA256

    1cc7e3c2c71cf510a446d25c502464d359b7fc9205fb85b1883e6147cf4e9e6b

  • SHA512

    b2bf1e90dc3ded7364e47d6719c9a5d6cd72d6d52859cb742b62cba888a756ca6d478416f75dbf14a295504b9d352559ae17df6ee67c34daae34c5136d3fb564

  • SSDEEP

    98304:AxHWWwhkmI1uDmHsGu2Z3QjXjqpi0FTogYCIJhePKPN:hDW3Z3sjqpi0FGhv

Score
3/10

Malware Config

Signatures

  • Unsigned PE 13 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 3 IoCs
    installer

Files

  • a59e180ef39b54eca51c83d1e3dcd478_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/AMPing.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • $PLUGINSDIR/ARMSetup_MMI_BBO_NO.exe
    .exe windows:4 windows x86 arch:x86

    716d82654d143c146e0285d208c70cc2


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/AdvSplash.dll
    .dll windows:4 windows x86 arch:x86

    741b6bafe355b63a372d737b30543a95


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/AskEULA.txt
  • $PLUGINSDIR/AskInstallChecker.exe
    .exe windows:5 windows x86 arch:x86

    66c8920bc3035d736f66f927d463ca2b


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/AskToolbar.bmp
  • $PLUGINSDIR/Banner.dll
    .dll windows:4 windows x86 arch:x86

    7a3709b093081d5614be1eaa2fe7fe76


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/BingEULA.txt
  • $PLUGINSDIR/BingToolbar.bmp
  • $PLUGINSDIR/MP3RocketBundle.exe
    .exe windows:4 windows x86 arch:x86

    4a9446e5cc2412c6405cea69dddb93be


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b3d296ff6f7abb1319ee006fcc6c4d98


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMP/zwankysearch-stub.exe
    .exe windows:4 windows x86 arch:x86

    3c813c1ae17f0ef5790c8af1382ea2fb


    Headers

    Imports

    Sections

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    afa8e526425f3585465337467d0b5909


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/YahooEULA.txt
  • $PLUGINSDIR/askToolbarInstaller.exe
    .exe windows:5 windows x86 arch:x86

    da01a2c0b27f76b87aef64c271f6afed


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/hpreset.exe
    .exe windows:5 windows x86 arch:x86

    df943e0da28bcdd5f8db0c8b1c5417c0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/splash.bmp
  • $PLUGINSDIR/splash.wav
  • License.txt
  • MP3Rocket.exe
    .exe windows:4 windows x86 arch:x86

    5789cf7c8a0be172225d7c8f1fa41931


    Headers

    Imports

    Sections

  • MP3Rocket.ico
  • intro7.zip
  • lib/MP3Rocket.ico
  • uninstall.ico
  • xml.war
    .zip
  • xml/misc/application.gif
    .gif
  • xml/misc/audio.gif
    .gif
  • xml/misc/document.gif
    .gif
  • xml/misc/image.gif
    .gif
  • xml/misc/video.gif
    .gif
  • xml/schemas/application.xsd
    .xml
  • xml/schemas/audio.xsd
    .xml
  • xml/schemas/document.xsd
    .xml
  • xml/schemas/image.xsd
    .xml
  • xml/schemas/video.xsd
    .xml