Overview

overview

7

Static

static

7

b3580deaf7...18.exe

windows7-x64

7

b3580deaf7...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/fct.dll

windows7-x64

3

$PLUGINSDIR/fct.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

7

$PLUGINSDI...ll.dll

windows10-2004-x64

7

bho_project.dll

windows7-x64

3

bho_project.dll

windows10-2004-x64

3

chromeaddo...ded.js

windows7-x64

3

chromeaddo...ded.js

windows10-2004-x64

3

chromeaddo...d.html

windows7-x64

3

chromeaddo...d.html

windows10-2004-x64

3

chromeaddo...ded.js

windows7-x64

3

chromeaddo...ded.js

windows10-2004-x64

3

firefoxaddon/build.sh

ubuntu-18.04-amd64

3

firefoxaddon/build.sh

debian-9-armhf

3

firefoxaddon/build.sh

debian-9-mips

3

firefoxaddon/build.sh

debian-9-mipsel

3

firefoxadd...ild.sh

ubuntu-18.04-amd64

firefoxadd...ild.sh

debian-9-armhf

firefoxadd...ild.sh

debian-9-mips

firefoxadd...ild.sh

debian-9-mipsel

firefoxadd...lay.js

windows7-x64

3

firefoxadd...lay.js

windows10-2004-x64

3

firefoxadd...oku.js

windows7-x64

3

firefoxadd...oku.js

windows10-2004-x64

3

firefoxadd...oku.js

windows7-x64

3

firefoxadd...oku.js

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    b3580deaf7e8b88ca5511e95e8a0f8bf_JaffaCakes118

  • Size

    131KB

  • MD5

    b3580deaf7e8b88ca5511e95e8a0f8bf

  • SHA1

    4b7ee2e6afd27b3573ea0cffa1b1ff991ae8e568

  • SHA256

    875d5409765aa8be15bfc40c391465ed1831778ae28fbda32eeaae9b7b204183

  • SHA512

    c0ee98ca5fc3c5c5485ef0a215c67ae7556f5ebb560debe1d81478c2ca917eefc1c64a6f5b7834e6dbc0ea842929fce53112bd2ce5f5e5dce9fc924663bc4635

  • SSDEEP

    3072:3Lk395hYXJFZfFsuGC+74inMZqVFITlqlm1YstUmP9SK8:3QqzZuu/+0sMZqqq0rsR

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • b3580deaf7e8b88ca5511e95e8a0f8bf_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/fct.dll
    .dll windows:4 windows x86 arch:x86

    ea6c66dd8fdf3fe3fb04ddbc357acc4c


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    5bdcdde5acd7b395f3f3d19ebbb8c6cd


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/md5dll.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • ChromeAddon.pem
  • bho_project.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    470b42adb8619884c5594da47c09acc6


    Headers

    Imports

    Exports

    Sections

  • chromeaddon/._included.js
  • chromeaddon/background.html
    .html .js polyglot
  • chromeaddon/included.js
    .js
  • chromeaddon/manifest.json
  • firefoxaddon/build.sh
    .sh linux
  • firefoxaddon/chrome.manifest
  • firefoxaddon/config_build.sh
    .sh linux
  • firefoxaddon/content/.DS_Store
  • firefoxaddon/content/firefoxOverlay.xul
    .js .xml polyglot
  • firefoxaddon/content/overlay.js
    .js
  • firefoxaddon/content/sudoku.js
    .js
  • firefoxaddon/defaults/.DS_Store
  • firefoxaddon/defaults/preferences/.DS_Store
  • firefoxaddon/defaults/preferences/._sudoku.js
  • firefoxaddon/defaults/preferences/sudoku.js
  • firefoxaddon/files
  • firefoxaddon/install.rdf
    .xml
  • firefoxaddon/locale/.DS_Store
  • firefoxaddon/locale/en-US/.DS_Store
  • firefoxaddon/locale/en-US/sudoku.dtd
  • firefoxaddon/locale/en-US/sudoku.properties
  • firefoxaddon/readme.txt
  • firefoxaddon/skin/overlay.css
  • vfd-pmi_uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections