General

  • Target

    b3fd3c1f3a7cb8a0d098b60906549f61_JaffaCakes118

  • Size

    1.6MB

  • MD5

    b3fd3c1f3a7cb8a0d098b60906549f61

  • SHA1

    e75bcaad205c95bd9a1aaca89465315dc3b10c31

  • SHA256

    14881c211a35b6f5153c4199265ec5931b53b6da8596da57074d1c7c3e6f2945

  • SHA512

    12f242ef60a84399f638d4c7e46650c9b3c95e504da7909d075567707c6fde36a41fc5c52ffda763eaa76901fbf7a8eb21083e093f6a08dcc256c7e1c93eab9c

  • SSDEEP

    24576:lQ0JJrs4jexzlyyrqtbGb/vJFJG/XNIJvhKuWmrpyNRb5v2MoRqryt77mkt9/9F7:lQgJoZvR3JqFSq952Mozt/mkvn0+dJfz

Score
8/10
Tags: upx

Signatures

  • Patched UPX-packed file 1 IoCs

    The sample is packed with UPX, but header fields the unpacker depends on (the UPX pack header) have been zeroed, so a stock `upx -d` refuses to unpack it. This is a static check only: the packed program still runs, because the in-file decompression stub carries its own parameters and does not read those fields. Note that the archive itself ships upx/UPX-PROT.EXE next to upx/UPX.EXE, plus Pack*.bat scripts under Bin/, i.e. the build tooling that packs the binaries is included in the sample.

  • UPX packed file 3 IoCs

    Detects executables packed with the open-source UPX packer, including modified UPX builds.

  • Unsigned PE 6 IoCs

    Flags PE files that carry no Authenticode signature (no security data directory entry). The six hits match the six files typed as PE in the list below (CSDNExplorer.ZMX, CSDNExplorer.exe, IEPlugin.dll, LiveUpdate.dll, upx/UPX.EXE and out.upx).
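
The two UPX signatures and the unsigned-PE check above are static checks on the PE container and are easy to reproduce without the sandbox. The script below is an added example written for this page, not code from the sandbox vendor, from UPX or from the CSDNExplorer project. It parses the section table, looks for UPX's characteristic UPX0/UPX1 layout, searches for an intact 32-byte UPX PackHeader (magic `UPX!`, version/format/method/level, two Adler checksums, uncompressed and compressed lengths, original file size, filter bytes, checksum byte) and validates the header checksum, so a file whose header fields were zeroed is reported as `patched-upx` rather than `upx`; it also reads the security data directory to reproduce the Authenticode presence check. Assumptions, labelled in the code as well: the PackHeader layout and its checksum rule (sum of the bytes after the magic, excluding the checksum byte, modulo 251) are taken from UPX's packhead.cpp as read by the author of this example; format id 9 (win32/pe) and method id 2 (NRV2B) are plausible constants used only for the constructed sample; `build_pe()` fabricates two minimal PE32 images for the demo and stands in for real input.

```python
"""UPX / patched-UPX / Authenticode triage for a PE file (standard library only).

Added example, not code from the sandbox or the CSDNExplorer project. Assumptions:
PE offsets per the PE/COFF spec; the 32-byte PackHeader layout for PE targets and
its checksum rule (bytes after the magic, minus the checksum byte, summed mod 251)
as read from UPX's packhead.cpp; build_pe() synthesises the sample inputs.
"""
import struct

UPX_MAGIC = b"UPX!"
PACKHEADER_SIZE = 32   # PackHeader length UPX uses for PE formats (22/27 for DOS ones)

def pe_sections(data: bytes) -> list:
    """Parse the section table into dicts (name, vsize, vaddr, rawsize, rawptr)."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    base = e_lfanew + 24 + opt_size
    secs = []
    for off in range(base, base + 40 * nsec, 40):
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        secs.append({"name": name, "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return secs

def has_authenticode(data: bytes) -> bool:
    """True if IMAGE_DIRECTORY_ENTRY_SECURITY (index 4) is populated, i.e. a
    WIN_CERTIFICATE blob is attached. This does not mean the signature verifies."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (96 if magic == 0x10B else 112)        # PE32 vs PE32+
    rva, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return rva != 0 and size != 0

def packheader_checksum(hdr: bytes) -> int:
    """Checksum rule assumed from UPX packhead.cpp: bytes after the magic, mod 251."""
    return sum(hdr[4:-1]) % 251

def parse_packheader(hdr: bytes) -> dict:
    """Decode a PackHeader; lengths_ok/checksum_ok expose what a protector zeroes."""
    (version, fmt, method, level, u_adler, c_adler, u_len, c_len,
     u_file_size, filt, filt_cto, n_mru, csum) = struct.unpack_from("<4B5I4B", hdr, 4)
    return {"version": version, "format": fmt, "method": method, "level": level,
            "u_len": u_len, "c_len": c_len, "u_file_size": u_file_size,
            "lengths_ok": 0 < c_len <= u_len,
            "checksum_ok": csum == packheader_checksum(hdr)}

def find_packheader(data: bytes):
    """(offset, header) of the first intact PackHeader, else (None, None). A zeroed
    or garbled header gives no hit; that is what 'Patched UPX-packed file' reports."""
    pos = data.find(UPX_MAGIC)
    while pos != -1 and pos + PACKHEADER_SIZE <= len(data):
        hdr = parse_packheader(data[pos:pos + PACKHEADER_SIZE])
        if hdr["checksum_ok"] and hdr["lengths_ok"]:
            return pos, hdr
        pos = data.find(UPX_MAGIC, pos + 1)
    return None, None

def classify(data: bytes) -> str:
    """'upx', 'patched-upx' (UPX layout but no usable PackHeader) or 'not-upx'."""
    secs = pe_sections(data)
    names = [s["name"] for s in secs]
    # UPX layout: an empty first section reserving space for the unpacked image (UPX0),
    # stub + compressed blob in the second (UPX1). The raw-size test survives renaming.
    layout = ("UPX0" in names and "UPX1" in names) or (
        len(secs) >= 2 and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0
        and secs[1]["rawsize"] > 0)
    if find_packheader(data)[1] is not None:
        return "upx"
    return "patched-upx" if layout else "not-upx"

def build_pe(patched: bool) -> bytes:
    """Constructed input: minimal unsigned PE32 with UPX0/UPX1 and a PackHeader in
    UPX1. patched=True applies the protector's trick: magic and size fields zeroed."""
    hdr = bytearray(UPX_MAGIC + struct.pack(      # version 13, format 9 (win32/pe),
        "<4B5I4B", 13, 9, 2, 9,                    # method 2 (nrv2b), level 9: assumed
        0x11111111, 0x22222222, 0x2000, 0x1000, 0x3000, 0, 0, 0, 0))
    hdr[-1] = packheader_checksum(bytes(hdr))
    if patched:
        hdr[0:4] = b"\0\0\0\0"                     # drop the "UPX!" magic
        hdr[16:28] = b"\0" * 12                    # zero u_len, c_len, u_file_size
    body = b"\x90" * 16 + bytes(hdr) + b"\xCC" * 16   # stand-in for stub + blob
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222      # PE32, all data directories empty
    def sec(name, vsize, vaddr, rawsize, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)
    image = (dos + coff + opt + sec(b"UPX0", 0x5000, 0x1000, 0, 0, 0xE0000080)
             + sec(b"UPX1", 0x1000, 0x6000, len(body), 0x200, 0xE0000040))
    return image + b"\0" * (0x200 - len(image)) + body

if __name__ == "__main__":
    for tag in ("clean", "patched"):
        sample = build_pe(tag == "patched")
        print(tag, classify(sample), "signed" if has_authenticode(sample) else "unsigned")
```

To run it against a real file, call `classify(open(path, "rb").read())`. `find_packheader` returns the header offset, which is the place to look when a zeroed header has to be rebuilt by hand (magic, the two length fields and the checksum byte are what the stock tool refuses on). Two caveats: a populated security directory only means a signature blob is attached, not that it verifies against a trusted chain, and section names are trivially renamed, which is why the empty-first-section heuristic sits beside the UPX0/UPX1 name check.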

Files

  • b3fd3c1f3a7cb8a0d098b60906549f61_JaffaCakes118
    .rar
  • cvery.comdel2477722411/Bin/BuildAll.bat
  • cvery.comdel2477722411/Bin/BuildExplorer.bat
  • cvery.comdel2477722411/Bin/BuildIEPlugin.bat
  • cvery.comdel2477722411/Bin/BuildLiveUpdate.bat
  • cvery.comdel2477722411/Bin/CSDNExplorer.ZMX
    .exe windows:4 windows x86 arch:x86
  • cvery.comdel2477722411/Bin/CSDNExplorer.exe
    .exe windows:4 windows x86 arch:x86
  • cvery.comdel2477722411/Bin/CSDNExplorer.html
    .html
  • cvery.comdel2477722411/Bin/CSDNExplorer.xml
    .xml
  • cvery.comdel2477722411/Bin/Config.xml
    .xml
  • cvery.comdel2477722411/Bin/Forum.mdb
  • cvery.comdel2477722411/Bin/Forum1.mdb
  • cvery.comdel2477722411/Bin/Help.html
    .html
  • cvery.comdel2477722411/Bin/IEPlugin.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
  • cvery.comdel2477722411/Bin/IEPlugin.htm
    .html .vbs polyglot
  • cvery.comdel2477722411/Bin/IEPluginReg.bat
  • cvery.comdel2477722411/Bin/IEPluginUnreg.bat
  • cvery.comdel2477722411/Bin/LiveUpdate.dll
    .exe windows:4 windows x86 arch:x86
  • cvery.comdel2477722411/Bin/MakeRes.bat
  • cvery.comdel2477722411/Bin/MyRes.rc
  • cvery.comdel2477722411/Bin/PackExplorer.bat
  • cvery.comdel2477722411/Bin/PackIEPlugin.bat
  • cvery.comdel2477722411/Bin/PackLiveUpdate.bat
  • cvery.comdel2477722411/Bin/Rooms.xml
  • cvery.comdel2477722411/IEPlugin/BaseCSDNForum.pas
  • cvery.comdel2477722411/IEPlugin/Build.bat
  • cvery.comdel2477722411/IEPlugin/IEPlugin.cfg
  • cvery.comdel2477722411/IEPlugin/IEPlugin.dof
  • cvery.comdel2477722411/IEPlugin/IEPlugin.dpr
  • cvery.comdel2477722411/IEPlugin/IEPlugin.res
  • cvery.comdel2477722411/IEPlugin/IEPlugin.tlb
  • cvery.comdel2477722411/IEPlugin/IEPlugin.~tlb
  • cvery.comdel2477722411/IEPlugin/IEPlugin_TLB.pas
  • cvery.comdel2477722411/IEPlugin/UPlugin_Imple.pas
  • cvery.comdel2477722411/LiveUpdate/Build.bat
  • cvery.comdel2477722411/LiveUpdate/LiveUpdate.cfg
  • cvery.comdel2477722411/LiveUpdate/LiveUpdate.dpr
  • cvery.comdel2477722411/LiveUpdate/LiveUpdate.res
  • cvery.comdel2477722411/LiveUpdate/UMainForm.dfm
  • cvery.comdel2477722411/LiveUpdate/UMainForm.pas
  • cvery.comdel2477722411/LiveUpdate/UTools.pas
  • cvery.comdel2477722411/Resource/star1.gif
    .gif
  • cvery.comdel2477722411/Resource/star2.gif
    .gif
  • cvery.comdel2477722411/Resource/star3.gif
    .gif
  • cvery.comdel2477722411/Resource/star4.gif
    .gif
  • cvery.comdel2477722411/Resource/star5.gif
    .gif
  • cvery.comdel2477722411/Resource/user1.gif
    .gif
  • cvery.comdel2477722411/Resource/user2.gif
    .gif
  • cvery.comdel2477722411/Resource/user3.gif
    .gif
  • cvery.comdel2477722411/Resource/user4.gif
    .gif
  • cvery.comdel2477722411/Resource/user5.gif
    .gif
  • cvery.comdel2477722411/Src/About.dfm
  • cvery.comdel2477722411/Src/About.pas
  • cvery.comdel2477722411/Src/Build.bat
  • cvery.comdel2477722411/Src/CSDNExplorer.cfg
  • cvery.comdel2477722411/Src/CSDNExplorer.dof
  • cvery.comdel2477722411/Src/CSDNExplorer.dpr
  • cvery.comdel2477722411/Src/CSDNExplorer.dpr.bak
  • cvery.comdel2477722411/Src/CSDNExplorer.drc
  • cvery.comdel2477722411/Src/CSDNExplorer.res
  • cvery.comdel2477722411/Src/CSDNForum.pas
  • cvery.comdel2477722411/Src/CSDNForum.pas.bak
  • cvery.comdel2477722411/Src/Global.pas
  • cvery.comdel2477722411/Src/IParamsReader.pas
  • cvery.comdel2477722411/Src/Languages.pas
  • cvery.comdel2477722411/Src/Login.dfm
  • cvery.comdel2477722411/Src/Login.pas
  • cvery.comdel2477722411/Src/LoginFace.dfm
  • cvery.comdel2477722411/Src/LoginFace.pas
  • cvery.comdel2477722411/Src/MainForm.dfm
  • cvery.comdel2477722411/Src/MainForm.pas
  • cvery.comdel2477722411/Src/MyRes.res
  • cvery.comdel2477722411/Src/PostNew.dfm
  • cvery.comdel2477722411/Src/PostNew.pas
  • cvery.comdel2477722411/Src/Reply.dfm
  • cvery.comdel2477722411/Src/Reply.pas
  • cvery.comdel2477722411/Src/ReplyBak.dfm
  • cvery.comdel2477722411/Src/ReplyBak.pas
  • cvery.comdel2477722411/Src/SendMsg.dfm
  • cvery.comdel2477722411/Src/SendMsg.pas
  • cvery.comdel2477722411/Src/StringTables.pas
    .js
  • cvery.comdel2477722411/Src/StringTables.pas.bak
    .js
  • cvery.comdel2477722411/Src/UBaseForum.pas
  • cvery.comdel2477722411/Src/UDM.dfm
  • cvery.comdel2477722411/Src/UDM.pas
  • cvery.comdel2477722411/Src/UMyPageControl.pas
  • cvery.comdel2477722411/Src/URemoteParams.pas
  • cvery.comdel2477722411/Src/UThread.pas
  • cvery.comdel2477722411/Src/UTopicListParse.pas
  • cvery.comdel2477722411/Src/UTopicParse.pas
  • cvery.comdel2477722411/Src/avi.RES
  • cvery.comdel2477722411/upx/UPX-PROT.EXE
  • cvery.comdel2477722411/upx/UPX.EXE
    .exe windows:4 windows x86 arch:x86
  • out.upx
    .exe windows:4 windows x86 arch:x86
  • cvery.comdel2477722411/upx/cp.bat
  • cvery.comdel2477722411/upx/make.bat
  • cvery.comdel2477722411/下载说明.htm (filename: "download instructions")
    .html .js polyglot