Overview

overview

7

Static

static

7

HideFilez.sys

windows7-x64

1

HideFilez.sys

windows10-2004-x64

1

Tooltiplib.dll

windows7-x64

7

Tooltiplib.dll

windows10-2004-x64

7

Windows文...��.chm

windows7-x64

1

Windows文...��.chm

windows10-2004-x64

1

hide.dll

windows7-x64

3

hide.dll

windows10-2004-x64

3

iext.dll

windows7-x64

3

iext.dll

windows10-2004-x64

3

krnln.dll

windows7-x64

7

krnln.dll

windows10-2004-x64

7

lockfile.dll

windows7-x64

7

lockfile.dll

windows10-2004-x64

7

lockfile.exe

windows7-x64

7

lockfile.exe

windows10-2004-x64

7

lockfile2.exe

windows7-x64

7

lockfile2.exe

windows10-2004-x64

7

locksys.dll

windows7-x64

7

locksys.dll

windows10-2004-x64

7

movelock.exe

windows7-x64

7

movelock.exe

windows10-2004-x64

7

shell.dll

windows7-x64

7

shell.dll

windows10-2004-x64

7

sky.dll

windows7-x64

7

sky.dll

windows10-2004-x64

7

substdll.dll

windows7-x64

7

substdll.dll

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    aa41d0cc2c956ae6594c565494b942a7_JaffaCakes118

  • Size

    2.5MB

  • MD5

    aa41d0cc2c956ae6594c565494b942a7

  • SHA1

    cfef5c84c59bc048ca634551c16ce82c00dcb906

  • SHA256

    993ef77c72c9169d5c6c15fde2ee203c63e246e2050948051352ce5367abd56f

  • SHA512

    4bf8b1cd53ec99515f16e754219f2c9d50d4e6ab70fef0e53d53c3915a51c46c93c8afa71762558cb1b998ca071b0184b5912d959ef76b3150c4de5b3511795a

  • SSDEEP

    49152:BCgzwFjbnWQbeZyi0rWb0v1v4+HDkpouuRzrHcJwJ3K5bPOPXgYuThGzeMcarKzb:BCgzwFjjWQyytrmhou6rHn3K5iPOKA4C

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 7 IoCs

    Detects file using ACProtect software.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 19 IoCs

    Checks for missing Authenticode signature.

Files

  • aa41d0cc2c956ae6594c565494b942a7_JaffaCakes118
    .rar
  • HideFilez.sys
    .sys windows:5 windows x86 arch:x86

    bbe23d02b095c717dfd2cad660df22f6


    Headers

    Imports

    Sections

  • Tooltiplib.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • Windows文件夹加密大师.chm
    .chm
  • hide.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • iext.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • krnln.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • lockfile.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • lockfile.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • lockfile2.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • locksys.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • movelock.exe
    .exe windows:4 windows x86 arch:x86

    9165ea3e914e03bda3346f13edbd6ccd


    Headers

    Imports

    Sections

  • shell.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • sky.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • substdll.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • ★用前必读★.txt
  • 下载说明.htm
    .html .js polyglot
  • 重要说明.txt