General

  • Target

    b0c77f243441048c1301981e2507ad5e_JaffaCakes118

  • Size

    370KB

  • MD5

    b0c77f243441048c1301981e2507ad5e

  • SHA1

    125b1783102aad15a09df672df6b11348080f787

  • SHA256

    c149e713939d27041fb26bb9de73c7c0f57af56a66bec0620952188cdcf9f192

  • SHA512

    553da8b271f64c61365006806728dfaae7a0867fe18abf251f1e0a4ca284b981fed6cda0f3798d4534a6ac768a14b6bd4594e2d51f2b2a0e7e53d4ede605825a

  • SSDEEP

    6144:+JS29KBlXDmJL09V73/8ZIgeqDIsiF9LBWTG7Y/nvQ5eUCG4Zyt/LCQVgFj0yJ:Yj9KTmJL8pWqK+6TcY/CAlYt/WQmTJ

Score

    7/10

    Tag: upx

Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Unsigned PE (3 IoCs)

    Checks for a missing Authenticode signature.

  • NSIS installer (1 IoC)

    Detects a Nullsoft Scriptable Install System (NSIS) installer.
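The three signatures above are static checks on PE structure rather than on behaviour. The Python script below is an illustration added to this page; it is not the sandbox's own signature code and does not touch the sample in this report. It assembles a minimal PE32 image in memory (constructed input, marked as such in the code), then applies the same three checks: UPX section names or the UPX! pack-header magic, an empty Security data directory (no embedded Authenticode certificate), and the NSIS first-header marker in the overlay. The function names (build_pe, parse_pe, scan) and the constructed section layouts are assumptions of the example, not anything taken from the report.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4               # data directory slot for the Authenticode blob
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"     # NSIS firstheader: 0xDEADBEEF + "Null" "soft" "Inst"
UPX_MAGIC = b"UPX!"                               # magic at the start of the UPX pack header


def build_pe(section_names, signed=False, overlay=b""):
    """Assemble a minimal PE32 image in memory. Constructed test input for the checks below;
    it is not executable and is not derived from the sample in this report."""
    n = len(section_names)
    hdr_size = 0x40 + 4 + 20 + 224 + 40 * n       # DOS stub, PE sig, COFF hdr, optional hdr, section table
    raw_start = (hdr_size + 0x1FF) & ~0x1FF       # 512-byte file alignment
    sections_end = raw_start + 0x200 * n
    dirs = [(0, 0)] * 16
    if signed:
        # Entry 4 holds a file offset (not an RVA) and the size of the WIN_CERTIFICATE blob
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (sections_end + len(overlay), 0x100)
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * 90 + struct.pack("<I", 16)  # PE32 magic ... NumberOfRvaAndSizes
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    sects = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"),
                    0x1000, 0x1000 * (i + 1), 0x200, raw_start + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    image = (dos + coff + opt + sects).ljust(raw_start, b"\x00") + b"\x00" * (0x200 * n) + overlay
    if signed:
        image += b"\x00" * 0x100   # stand-in for the certificate blob; carries no real signature
    return image


def parse_pe(data):
    """Return the data directories and section table of a PE32/PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    _machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic, = struct.unpack_from("<H", data, opt_off)
    dir_off = opt_off + (96 if magic == 0x10B else 112)   # PE32 vs PE32+ optional header layout
    ndirs, = struct.unpack_from("<I", data, dir_off - 4)
    dirs = [struct.unpack_from("<II", data, dir_off + 8 * i) for i in range(min(ndirs, 16))]
    sect_off = opt_off + opt_size
    sections = []
    for i in range(nsect):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sect_off + 40 * i)
        sections.append((name.rstrip(b"\x00").decode("latin-1"), raw_ptr, raw_size))
    return {"dirs": dirs, "sections": sections}


def is_upx_packed(data, pe):
    # Stock UPX names its sections UPX0/UPX1/UPX2; modified builds rename them,
    # so the pack-header magic is checked as a second indicator
    return any(name.startswith("UPX") for name, _, _ in pe["sections"]) or UPX_MAGIC in data


def is_unsigned(pe):
    # True when no Authenticode blob is embedded at all; a non-empty entry still needs validation
    if len(pe["dirs"]) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return True
    off, size = pe["dirs"][IMAGE_DIRECTORY_ENTRY_SECURITY]
    return off == 0 or size == 0


def overlay_of(data, pe):
    # Everything past the last section's raw data is overlay; NSIS stores its archive there
    end = max((ptr + size for _, ptr, size in pe["sections"]), default=0)
    return data[end:]


def is_nsis_installer(data, pe):
    return NSIS_MARKER in overlay_of(data, pe)


def scan(data):
    """Run the three checks and return the names of the signatures that fire, in report order."""
    pe = parse_pe(data)
    hits = []
    if is_upx_packed(data, pe):
        hits.append("UPX packed file")
    if is_unsigned(pe):
        hits.append("Unsigned PE")
    if is_nsis_installer(data, pe):
        hits.append("NSIS installer")
    return hits


if __name__ == "__main__":
    # Constructed sample with the same three traits as the report's top-level file
    sample = build_pe(["UPX0", "UPX1", ".rsrc"], overlay=NSIS_MARKER + b"\x00" * 64)
    print(scan(sample))
```

Two caveats a practitioner should keep in mind. An empty certificate directory shows only that no Authenticode blob is embedded; a non-empty one still has to be validated (for example with signtool verify or Get-AuthenticodeSignature), and catalog-signed Windows binaries carry no embedded signature at all. Section names are trivial to rename, which is why the UPX check here also looks for the UPX! magic; real packer identification combines such markers with section entropy and import-table heuristics.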

Files

  • b0c77f243441048c1301981e2507ad5e_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    MD5 2017f2acbdaa42ab3e4adeb8b4c37e7b

  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/Setup.exe
    .exe windows:4 windows x86 arch:x86

  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/data.js
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/img/0.gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/img/1.gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/img/2.jpeg
    .jpg
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/index.html
    .html
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/css/PIE.htc
    .js
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/css/formcontrols.css
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/css/layout.css
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/css/main.css
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/button_disabled.png
    .png
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/button_normal.png
    .png
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/checkbox.gif
    .gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/hr.gif
    .gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/page.png
    .png
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/progress.png
    .png
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/radio.gif
    .gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/select.png
    .png
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/windows_arrow_down.gif
    .gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/windows_arrow_up.gif
    .gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/windows_drag_bottom.gif
    .gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/windows_drag_middle.gif
    .gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/windows_drag_top.gif
    .gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/img/windows_track.gif
    .gif
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/js/app.js
    .js
  • $TEMP/aeac2814-61bf-4a12-8b11-c5ea3cfa382c/web/js/formcontrols.min.js
    .js
  • out.upx
    .exe windows:4 windows x86 arch:x86