Overview

overview

9

Static

static

7

GGSafe/GGB...in.dll

windows7-x64

6

GGSafe/GGB...in.dll

windows10-2004-x64

6

GGSafe/GGSafe.exe

windows7-x64

8

GGSafe/GGSafe.exe

windows10-2004-x64

7

GGSafe/GGSafe.sys

windows7-x64

1

GGSafe/GGSafe.sys

windows10-2004-x64

1

GGSafe/GGSafe64.sys

windows7-x64

1

GGSafe/GGSafe64.sys

windows10-2004-x64

1

GGSafe/GGSafeMon.dll

windows7-x64

7

GGSafe/GGSafeMon.dll

windows10-2004-x64

7

GGSafe/GGService.exe

windows7-x64

3

GGSafe/GGService.exe

windows10-2004-x64

3

GGSafe/GGTray.exe

windows7-x64

8

GGSafe/GGTray.exe

windows10-2004-x64

7

GGSafe/GGU...ll.dll

windows7-x64

7

GGSafe/GGU...ll.dll

windows10-2004-x64

7

GGSafe/GGd...sk.exe

windows7-x64

7

GGSafe/GGd...sk.exe

windows10-2004-x64

7

GGSafe/Too...ix.exe

windows7-x64

7

GGSafe/Too...ix.exe

windows10-2004-x64

7

GGSafe/Too...sk.dll

windows7-x64

7

GGSafe/Too...sk.dll

windows10-2004-x64

7

GGSafe/Tools/Gz.dll

windows7-x64

7

GGSafe/Tools/Gz.dll

windows10-2004-x64

7

GGSafe/Too...te.dll

windows7-x64

7

GGSafe/Too...te.dll

windows10-2004-x64

7

GGSafe/UnInstall.dll

windows7-x64

9

GGSafe/UnInstall.dll

windows10-2004-x64

7

GGSafe/UnInstall.exe

windows7-x64

GGSafe/UnInstall.exe

windows10-2004-x64

GGSafe/rcDefSkin.dll

windows7-x64

7

GGSafe/rcDefSkin.dll

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    ad4fb6c91c3d2f1f5789b158c6d7c2f9_JaffaCakes118

  • Size

    8.3MB

  • MD5

    ad4fb6c91c3d2f1f5789b158c6d7c2f9

  • SHA1

    3f92bc2a5a1f59e334b9b12d97c7a0ed3570c8ac

  • SHA256

    ba6d3788c0dd7780fcdb21ed5a9ceab65c3ebe3cf88ca8653815d5587ed45b91

  • SHA512

    3e68d778b42b6bb429ecfbf7aa4adcb612b73a40cb8d29351ccb57b0cf499fbb5132fb54f116bb91832a7acbee5ab3dbfde397dc95422220bca3491201b10f96

  • SSDEEP

    196608:2A+8Zn7ZKYLJIMLKlJEHYxAPDI120CSgZ6EOE/Q9+WWcOkT9K:2A+8p7MY7EJZKPkwig9Y9/BOKK

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 9 IoCs

    Detects file using ACProtect software.

  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature.

Files

  • ad4fb6c91c3d2f1f5789b158c6d7c2f9_JaffaCakes118
    .rar
  • GGSafe/FileHash.db
  • GGSafe/GG.dat
  • GGSafe/GGBhoPlugin.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    0ccab4ee01e97ae68e4059224eb48a0a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • GGSafe/GGHVN.dat
  • GGSafe/GGMIN.dat
  • GGSafe/GGProSoft.db
  • GGSafe/GGSafe.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • GGSafe/GGSafe.sys
    .sys windows:4 windows x86 arch:x86

    62cc77165e5b1a9a36bc08abd2effa7e


    Code Sign

    Headers

    Imports

    Sections

  • GGSafe/GGSafe64.sys
    .sys windows:5 windows x64 arch:x64

    c048313a27fc5a6186826300338f1541


    Code Sign

    Headers

    Imports

    Sections

  • GGSafe/GGSafeMon.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • GGSafe/GGSafeSoft.db
  • GGSafe/GGService.exe
    .exe windows:4 windows x86 arch:x86

    c5a79abf146ec51eb934ccece099b75b


    Code Sign

    Headers

    Imports

    Sections

  • GGSafe/GGTray.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • GGSafe/GGUpdateDll.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • GGSafe/GGdesk/GGDesk.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • GGSafe/HashCache.db
  • GGSafe/Image/158wan.bmp
  • GGSafe/Image/22.jpg
    .jpg
  • GGSafe/Image/3.jpg
    .jpg
  • GGSafe/Image/4.jpg
    .jpg
  • GGSafe/Image/5.jpg
    .jpg
  • GGSafe/Image/6.jpg
    .jpg
  • GGSafe/Image/7.jpg
    .jpg
  • GGSafe/Image/RBS WorldPay.bmp
  • GGSafe/Image/TrustCommerce.bmp
  • GGSafe/Image/aoshi.bmp
  • GGSafe/Image/authorize.bmp
  • GGSafe/Image/ddt.bmp
  • GGSafe/Image/e-onlinedata.bmp
  • GGSafe/Image/electronictransfer.bmp
  • GGSafe/Image/ipay.bmp
  • GGSafe/Image/东亚银行.bmp
  • GGSafe/Image/东京三菱银行.bmp
  • GGSafe/Image/中信银行.bmp
  • GGSafe/Image/中国邮政储蓄银行.bmp
  • GGSafe/Image/中国银行.bmp
  • GGSafe/Image/乐土.bmp
  • GGSafe/Image/交通银行.bmp
  • GGSafe/Image/光大银行.bmp
  • GGSafe/Image/兴业银行.bmp
  • GGSafe/Image/农业银行.bmp
  • GGSafe/Image/加拿大丰业银行.bmp
  • GGSafe/Image/北京银行.bmp
  • GGSafe/Image/华夏银行.bmp
  • GGSafe/Image/商业大亨.bmp
  • GGSafe/Image/大华银行.bmp
  • GGSafe/Image/天策.bmp
  • GGSafe/Image/宁波银行.bmp
  • GGSafe/Image/工商银行.bmp
  • GGSafe/Image/平安银行.bmp
  • GGSafe/Image/广东发展银行.bmp
  • GGSafe/Image/建设银行.bmp
  • GGSafe/Image/德意志银行.bmp
  • GGSafe/Image/快钱.bmp
  • GGSafe/Image/恒生银行.bmp
  • GGSafe/Image/拍拍网.bmp
  • GGSafe/Image/招商银行.bmp
  • GGSafe/Image/支付@网.bmp
  • GGSafe/Image/支付宝.bmp
  • GGSafe/Image/易宝支付.bmp
  • GGSafe/Image/星展银行.bmp
  • GGSafe/Image/武林三国.bmp
  • GGSafe/Image/武林英雄.bmp
  • GGSafe/Image/武林足球经理Ⅱ.bmp
  • GGSafe/Image/民生银行.bmp
  • GGSafe/Image/永亨银行.bmp
  • GGSafe/Image/汇丰银行.bmp
  • GGSafe/Image/江苏银行.bmp
  • GGSafe/Image/法国兴业银行.bmp
  • GGSafe/Image/浦发银行.bmp
  • GGSafe/Image/淘宝.bmp
  • GGSafe/Image/深圳发展银行.bmp
  • GGSafe/Image/渣打银行.bmp
  • GGSafe/Image/瑞士银行.bmp
  • GGSafe/Image/美国银行.bmp
  • GGSafe/Image/花旗银行.bmp
  • GGSafe/Image/财付通.bmp
  • GGSafe/Image/首信易.bmp
  • GGSafe/Image/黄金国度.bmp
  • GGSafe/MalWeb.db
  • GGSafe/Readme.txt
  • GGSafe/Tools/DetectHotfix.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • GGSafe/Tools/DetectRisk.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • GGSafe/Tools/Gz.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • GGSafe/Tools/Update.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • GGSafe/UnInstall.dll
    .dll windows:4 windows x86 arch:x86

    baa93d47220682c04d92f7797d9224ce


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • GGSafe/UnInstall.exe
    .exe windows:4 windows x86 arch:x86

    ca1c7853b29bed02bab5cfa77f707413


    Code Sign

    Headers

    Imports

    Sections

  • GGSafe/banklist.db
  • GGSafe/rcDefSkin.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • GGSafe/rcOldSkin.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • GGSafe/rcSkin.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • GGSafe/small.ico
  • GGSafe/softver.db
  • GGSafe/version.db
  • GGSafe/webconfig.ini
  • GGSafe/ztImage.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections