General

  • Target

    b19c0da42cc2fc4ff8b2352185be3565_JaffaCakes118

  • Size

    178KB

  • MD5

    b19c0da42cc2fc4ff8b2352185be3565

  • SHA1

    b20b6ebf4a33a0c9649804f165978ca0f19c6e4e

  • SHA256

    e0170e19574eb64e4ce144b54bd811c9f8e5681837ce38ed449a80cb94e44ada

  • SHA512

    456379174014be2263a4df3c3cef11d45e1e22c16b9458d2b2c05dea3f2c5fee9638c8abc7b57fe44ceac1187946507e171a8ff50c3e8a016041eb4ba198e99d

  • SSDEEP

    3072:BgXdZt9P6D3XJE45YVLDKmS4SOr76SB+ZP55fnPcHI1QHSnjap88o731GaQewr+w:Be34WnVL2JHc75+ZPPfnE2Qyn2GrG

Score
3/10

Malware Config

Signatures

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • b19c0da42cc2fc4ff8b2352185be3565_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e



  • $PLUGINSDIR/IpConfig.dll
    .dll windows:5 windows x86 arch:x86

    a9988f98d52a3c7d16228f87844f85ea



  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b



  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    5bdcdde5acd7b395f3f3d19ebbb8c6cd



  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80



  • $TEMP/Retro-BabylonFull-PriceGong.bmp
  • $TEMP/retro-header.bmp