General

  • Target

    c7a10c92e93cb847bac8537977071600_JaffaCakes118

  • Size

    15.5MB

  • MD5

    c7a10c92e93cb847bac8537977071600

  • SHA1

    5b5a206bef5d16c7b3542be809cf7b5ec2b18067

  • SHA256

    aa63d723e0fde39bd468725d9ab31e22fded6f389399dc31f1ccf8bf87bee110

  • SHA512

    205a14d9b8f1b3cb336337cc783e3416700a781806971aef9d6aec804f054cdf32880fde402f0631b8ee3019320d76d8a05fc7f8068c5402ed0c3e4fe3b25abf

  • SSDEEP

    393216:A+r+bygmIDk8Ed+D+U6IfWgflcNTTBu+9C6ubw4WOzC7vR+pR:A+r++RIDk7DrIfWQlUMbwAq8R

Score
8/10

Malware Config

Signatures

  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX, but the pack-header fields the stock UPX tool needs have been zeroed out, so a default "upx -d" refuses to unpack it.

  • Unsigned PE 72 IoCs

    Checks for a missing Authenticode signature.

  • NSIS installer 4 IoCs
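
The two signature descriptions above (patched UPX and unsigned PE) are both answered from the PE header. The following is an added example, not the sandbox's own detection rules and not code from the sample: it parses only the fields needed, treats the UPX check as a heuristic (stock UPX locates its pack header by the "UPX!" magic, so a packed layout with that magic missing is what "patched" means here), and reads the security data directory to decide whether any Authenticode blob is attached at all. The function names, the build_min_pe() helper and the PE skeletons it constructs as offline test input are assumptions for illustration only.

```python
import struct

# Index of the Authenticode entry in the optional header's data directory table.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
# Section names the stock UPX packer writes; a patched packer may keep or rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# Magic of the UPX pack header that "upx -d" locates before it will unpack anything.
UPX_MAGIC = b"UPX!"


def parse_pe(data: bytes) -> dict:
    """Parse only the PE fields the two checks need: section names and the security directory."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32: data directories start at optional-header offset 96
        dd_off = opt + 96
    elif magic == 0x20B:        # PE32+: data directories start at offset 112
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    security = (0, 0)
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, this entry holds a raw file offset, not an RVA.
        security = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sh = opt + opt_size
    names = [data[sh + 40 * i:sh + 40 * i + 8].rstrip(b"\0") for i in range(num_sections)]
    return {"sections": names, "security": security}


def classify(data: bytes) -> dict:
    """Heuristic reproduction of the 'Patched UPX' and 'Unsigned PE' signatures (assumed logic)."""
    pe = parse_pe(data)
    upx_sections = [n for n in pe["sections"] if n in UPX_SECTION_NAMES]
    has_magic = UPX_MAGIC in data
    if upx_sections and has_magic:
        upx = "upx"            # layout and pack-header magic intact: stock upx -d should work
    elif upx_sections:
        upx = "upx-patched"    # UPX layout but the magic is gone: stock upx -d will refuse
    elif has_magic:
        upx = "upx-renamed"    # sections renamed but the marker left behind
    else:
        upx = "none"
    va, size = pe["security"]
    return {
        # Presence of a WIN_CERTIFICATE blob only; validity still needs signtool/osslsigncode.
        "authenticode_present": va != 0 and size != 0,
        "upx": upx,
        "upx_sections": upx_sections,
    }


def build_min_pe(section_names, signed=False, upx_magic=False) -> bytes:
    """Constructed, non-runnable PE32 skeleton used as offline test input for the checks above."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew -> PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    if signed:                                          # fake security directory entry (offset, size)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x100)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    trailer = (UPX_MAGIC if upx_magic else b"\0\0\0\0") + b"\0" * 60
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + trailer


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                                # real file: python upxcheck.py sample.exe
        print(classify(open(sys.argv[1], "rb").read()))
    else:                                                # constructed samples
        print(classify(build_min_pe([b"UPX0", b"UPX1", b".rsrc"], upx_magic=True)))
        print(classify(build_min_pe([b"UPX0", b"UPX1", b".rsrc"], upx_magic=False)))
        print(classify(build_min_pe([b".text", b".rdata"], signed=True)))
```

Run against the sample's own files, the three msvcp110.dll / msvcr110.dll / vcomp110.dll entries that carry a "Code Sign" section would come back with authenticode_present set, while the 72 flagged files would not; a non-empty security directory still has to be verified (signtool verify or osslsigncode verify) before it counts as trust. A real triage would also check the UPX pack header's checksum rather than a bare substring search, which is why this is labelled a heuristic.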

Files

  • c7a10c92e93cb847bac8537977071600_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    ab6770b0a8635b9d92a5838920cfe770


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    738dc9bb91549f627cf1953c2000e1d6


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    f2ac1ab587d5531d5f1bf76c094aef4c


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • CORE_RL_bzlib_.dll
    .dll windows:6 windows x86 arch:x86

    74ee76cb030e2bf004cce41b04531899


    Headers

    Imports

    Exports

    Sections

  • CORE_RL_glib_.dll
    .dll windows:6 windows x86 arch:x86

    8fe7d6756cd4714672afc5ee0e37d251


    Headers

    Imports

    Exports

    Sections

  • CORE_RL_lcms_.dll
    .dll windows:6 windows x86 arch:x86

    d745e4a1987b6c9fb955411fa5d13aac


    Headers

    Imports

    Exports

    Sections

  • CORE_RL_lqr_.dll
    .dll windows:6 windows x86 arch:x86

    d46680ba3299c4d0394bf72ea7bb9386


    Headers

    Imports

    Exports

    Sections

  • CORE_RL_magick_.dll
    .dll windows:6 windows x86 arch:x86

    7f181a0af0f778cb94ebbd05fb933080


    Headers

    Imports

    Exports

    Sections

  • CORE_RL_ttf_.dll
    .dll windows:6 windows x86 arch:x86

    287d9a585c60bea6bc808a7644739471


    Headers

    Imports

    Exports

    Sections

  • CORE_RL_wand_.dll
    .dll windows:6 windows x86 arch:x86

    983fdaf9c1e98d2dc1bc49c528d03b65


    Headers

    Imports

    Exports

    Sections

  • CORE_RL_zlib_.dll
    .dll windows:6 windows x86 arch:x86

    46f59550de7d84447c6e0b3279dc32ec


    Headers

    Imports

    Exports

    Sections

  • dev/php5ts.lib
  • extras/ssl/openssl.cnf
  • glib-2.dll
    .dll windows:6 windows x86 arch:x86

    13ee68e09ed5012532ba49d622465a7e


    Headers

    Imports

    Exports

    Sections

  • gmodule-2.dll
    .dll windows:6 windows x86 arch:x86

    06adf4f11bc4631481f1056860e1233a


    Headers

    Imports

    Exports

    Sections

  • icudt56.dll
    .dll windows:6 windows x86 arch:x86


    Headers

    Exports

    Sections

  • icuin56.dll
    .dll windows:6 windows x86 arch:x86

    597de9165de5e3dc556a9f73035cd64a


    Headers

    Imports

    Exports

    Sections

  • icuio56.dll
    .dll windows:6 windows x86 arch:x86

    bd4e9f418fdb4993a8b1c4cb43448fb4


    Headers

    Imports

    Exports

    Sections

  • icule56.dll
    .dll windows:6 windows x86 arch:x86

    4353d3715f0ac236bb729b837f20e8f0


    Headers

    Imports

    Exports

    Sections

  • iculx56.dll
    .dll windows:6 windows x86 arch:x86

    14dd5cd7975f3aae508bbd152a7ef573


    Headers

    Imports

    Exports

    Sections

  • icutest55.dll
    .dll windows:6 windows x86 arch:x86

    9099c4b0a32973a0320311c3ef394e3a


    Headers

    Imports

    Exports

    Sections

  • icutu55.dll
    .dll windows:6 windows x86 arch:x86

    bc710ca89660c552e68e666cdb7c9204


    Headers

    Imports

    Exports

    Sections

  • icuuc56.dll
    .dll windows:6 windows x86 arch:x86

    7063a47ce8268c1bcedc00674d264f77


    Headers

    Imports

    Exports

    Sections

  • install.txt
    .wsf
  • libeay32.dll
    .dll windows:6 windows x86 arch:x86

    22144112ebdcadcbcae2960d84dc3566


    Headers

    Imports

    Exports

    Sections

  • libenchant.dll
    .dll windows:6 windows x86 arch:x86

    b4fc0a0cb1acf1a5a6a07e590d2d86ec


    Headers

    Imports

    Exports

    Sections

  • libenchant_ispell.dll
    .dll windows:6 windows x86 arch:x86

    ac4375156c30a50b9b6404cfefa82ba3


    Headers

    Imports

    Exports

    Sections

  • libenchant_myspell.dll
    .dll windows:6 windows x86 arch:x86

    ed951cb129cbb4117a925b880278b99e


    Headers

    Imports

    Exports

    Sections

  • libpq.dll
    .dll windows:6 windows x86 arch:x86

    c1228d5634f7c098ddc5a3927636218e


    Headers

    Imports

    Exports

    Sections

  • libsasl.dll
    .dll windows:6 windows x86 arch:x86

    4bfee5660da886c6685c1a8ef690c127


    Headers

    Imports

    Exports

    Sections

  • libssh2.dll
    .dll windows:6 windows x86 arch:x86

    440a0aca46f65c48a43e5931698a8d8c


    Headers

    Imports

    Exports

    Sections

  • license.txt
  • msvcp110.dll
    .dll windows:6 windows x86 arch:x86

    098e9eddf1a24b3fd9465ee992148a02


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • msvcr110.dll
    .dll windows:6 windows x86 arch:x86

    e057a95f8936f77238b048f253956b3b


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • news.txt
  • phar.phar.bat
  • pharcommand.phar
    .js
  • php-cgi.exe
    .exe windows:6 windows x86 arch:x86

    648b87e6c8779ad150b28a7db1e4774a


    Headers

    Imports

    Sections

  • php-win.exe
    .exe windows:6 windows x86 arch:x86

    3d0f7db115d99f509e8fd0087c6da9b1


    Headers

    Imports

    Exports

    Sections

  • php.exe
    .exe windows:6 windows x86 arch:x86

    b59fcee1a4cc234c7f51de4b60e2a7a9


    Headers

    Imports

    Exports

    Sections

  • php.gif
    .gif
  • php.ini
  • php.ini-development
  • php.ini-production
  • php5ts.dll
    .dll windows:6 windows x86 arch:x86

    e09a47be18e92891d0287d2dffc05191


    Headers

    Imports

    Exports

    Sections

  • php_bz2.dll
    .dll windows:6 windows x86 arch:x86

    23a7b4723ed58fa76d36df0191186279


    Headers

    Imports

    Exports

    Sections

  • php_com_dotnet.dll
    .dll windows:6 windows x86 arch:x86

    de912a2ce11cf101bea12e019e3017ce


    Headers

    Imports

    Exports

    Sections

  • php_curl.dll
    .dll windows:6 windows x86 arch:x86

    eaff02eb6d3258461e71132401814951


    Headers

    Imports

    Exports

    Sections

  • php_enchant.dll
    .dll windows:6 windows x86 arch:x86

    6c1c906716b22e20956c62175cb17cc6


    Headers

    Imports

    Exports

    Sections

  • php_exif.dll
    .dll windows:6 windows x86 arch:x86

    06fefc761d92aea567bbb8e057ee3f9b


    Headers

    Imports

    Exports

    Sections

  • php_fileinfo.dll
    .dll windows:6 windows x86 arch:x86

    9288b8c7a5f2dc88c35db707495489c2


    Headers

    Imports

    Exports

    Sections

  • php_gd2.dll
    .dll windows:6 windows x86 arch:x86

    c96f6fb0e1df9e9fa43bcb036018adf4


    Headers

    Imports

    Exports

    Sections

  • php_geoip.dll
    .dll windows:6 windows x86 arch:x86

    340c10a07045f3e23cb52c5877401e4b


    Headers

    Imports

    Exports

    Sections

  • php_gettext.dll
    .dll windows:6 windows x86 arch:x86

    3f36788e16ee814e46a4733513017f79


    Headers

    Imports

    Exports

    Sections

  • php_gmp.dll
    .dll windows:6 windows x86 arch:x86

    3c0deda1e5ac19ae03ce952d55702b1e


    Headers

    Imports

    Exports

    Sections

  • php_imagick_ts.dll
    .dll windows:6 windows x86 arch:x86

    eb65a754210577430a611bed84e8b0ff


    Headers

    Imports

    Exports

    Sections

  • php_imap.dll
    .dll windows:6 windows x86 arch:x86

    53197b5be9560ac4f10a363c68a937cd


    Headers

    Imports

    Exports

    Sections

  • php_interbase.dll
    .dll windows:6 windows x86 arch:x86

    54db3636478256ee31e3a76c28829aaf


    Headers

    Imports

    Exports

    Sections

  • php_intl.dll
    .dll windows:6 windows x86 arch:x86

    308730ee98d0a73179e090b95270a6ec


    Headers

    Imports

    Exports

    Sections

  • php_ldap.dll
    .dll windows:6 windows x86 arch:x86

    66aa6925ff1658ae743555ed223503e8


    Headers

    Imports

    Exports

    Sections

  • php_mbstring.dll
    .dll windows:6 windows x86 arch:x86

    782608d5df88ddf32678d724f9cc628b


    Headers

    Imports

    Exports

    Sections

  • php_mysql.dll
    .dll windows:6 windows x86 arch:x86

    6385558aabd6a1800930e2dce713ccc7


    Headers

    Imports

    Exports

    Sections

  • php_mysqli.dll
    .dll windows:6 windows x86 arch:x86

    4928bd303464d6d83d841d8694241fd6


    Headers

    Imports

    Exports

    Sections

  • php_oci8_12c.dll
    .dll windows:6 windows x86 arch:x86

    695d55500cd4d73116281b617998a582


    Headers

    Imports

    Exports

    Sections

  • php_opcache.dll
    .dll windows:6 windows x86 arch:x86

    a7dfb27a156070547b2289be9b08970b


    Headers

    Imports

    Exports

    Sections

  • php_openssl.dll
    .dll windows:6 windows x86 arch:x86

    c37055c78b3cdf3de8e19bc595b5b3df


    Headers

    Imports

    Exports

    Sections

  • php_pdo_firebird.dll
    .dll windows:6 windows x86 arch:x86

    df1c0bc3bc88d369ee4dca4a9dad0c01


    Headers

    Imports

    Exports

    Sections

  • php_pdo_mysql.dll
    .dll windows:6 windows x86 arch:x86

    a7d62f22cc385713b49daafe4c566d01


    Headers

    Imports

    Exports

    Sections

  • php_pdo_oci.dll
    .dll windows:6 windows x86 arch:x86

    dd565371f974bb8db1970a66f3f7c345


    Headers

    Imports

    Exports

    Sections

  • php_pdo_odbc.dll
    .dll windows:6 windows x86 arch:x86

    01daa3b859251207f25b01a55b7578d2


    Headers

    Imports

    Exports

    Sections

  • php_pdo_pgsql.dll
    .dll windows:6 windows x86 arch:x86

    9c05c0faea9f47521025a4bf2298fcd6


    Headers

    Imports

    Exports

    Sections

  • php_pdo_sqlite.dll
    .dll windows:6 windows x86 arch:x86

    6d303db38c313d7888933e124542fb93


    Headers

    Imports

    Exports

    Sections

  • php_pgsql.dll
    .dll windows:6 windows x86 arch:x86

    7985d5079895cd1304f98ba5807c0ee7


    Headers

    Imports

    Exports

    Sections

  • php_shmop.dll
    .dll windows:6 windows x86 arch:x86

    a28755faa2b25d30cd8a67842640cfec


    Headers

    Imports

    Exports

    Sections

  • php_snmp.dll
    .dll windows:6 windows x86 arch:x86

    8292b97ca962e323e24fb6e0028935e8


    Headers

    Imports

    Exports

    Sections

  • php_soap.dll
    .dll windows:6 windows x86 arch:x86

    723584dd9e794d2a774f859e1613fd59


    Headers

    Imports

    Exports

    Sections

  • php_sockets.dll
    .dll windows:6 windows x86 arch:x86

    310d912258f724db9807a645b290c816


    Headers

    Imports

    Exports

    Sections

  • php_sqlite3.dll
    .dll windows:6 windows x86 arch:x86

    66267eea40cff46c44974ee2082cd56b


    Headers

    Imports

    Exports

    Sections

  • php_sybase_ct.dll
    .dll windows:6 windows x86 arch:x86

    f9a463954bb5aa121dcd76555dd33bb8


    Headers

    Imports

    Exports

    Sections

  • php_tidy.dll
    .dll windows:6 windows x86 arch:x86

    f9e1c4ed2aaff417a59a47e3b54e1968


    Headers

    Imports

    Exports

    Sections

  • php_xmlrpc.dll
    .dll windows:6 windows x86 arch:x86

    88dcb8f9b4f324079187b994390a2423


    Headers

    Imports

    Exports

    Sections

  • php_xsl.dll
    .dll windows:6 windows x86 arch:x86

    0f6dcca45d7daaabb908b67bf6b17898


    Headers

    Imports

    Exports

    Sections

  • phpdbg.exe
    .exe windows:6 windows x86 arch:x86

    1174c079d08f274ec7b8ebd20c964c07


    Headers

    Imports

    Exports

    Sections

  • snapshot.txt
  • ssleay32.dll
    .dll windows:6 windows x86 arch:x86

    9d18e833308f14486c429622f855329d


    Headers

    Imports

    Exports

    Sections

  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    ab6770b0a8635b9d92a5838920cfe770


    Headers

    Imports

    Sections

  • vcomp110.dll
    .dll windows:6 windows x86 arch:x86

    d15a7e566b2a434a86f8370e3286e09b


    Code Sign

    Headers

    Imports

    Exports

    Sections