Overview

overview

7

Static

static

7

c8172e6486...18.exe

windows7-x64

7

c8172e6486...18.exe

windows10-2004-x64

7

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...nd.dll

windows7-x64

3

$PLUGINSDI...nd.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

7

$PLUGINSDI...om.dll

windows10-2004-x64

7

$TEMP/$_9_...in.dll

windows7-x64

3

$TEMP/$_9_...in.dll

windows10-2004-x64

3

7za.exe

windows7-x64

3

7za.exe

windows10-2004-x64

3

Greening.dll

windows7-x64

3

Greening.dll

windows10-2004-x64

3

NsisPlugin.dll

windows7-x64

3

NsisPlugin.dll

windows10-2004-x64

3

aq7z.dll

windows7-x64

3

aq7z.dll

windows10-2004-x64

3

aqhttp.dll

windows7-x64

3

aqhttp.dll

windows10-2004-x64

3

flashplaye...ug.exe

windows7-x64

3

flashplaye...ug.exe

windows10-2004-x64

3

flashplaye...it.exe

windows7-x64

3

flashplaye...it.exe

windows10-2004-x64

3

Խ�...��.exe

windows7-x64

3

Խ�...��.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c8172e64861bb97e51fc9b5543ba55fe_JaffaCakes118

  • Size

    12.4MB

  • MD5

    c8172e64861bb97e51fc9b5543ba55fe

  • SHA1

    648cf3e381ac61f8b6bfc8129546f8adfd85af37

  • SHA256

    a6e5a8a215a0dc10694aea0b7f38f48793fec4310df633d9fa91038e29bfe626

  • SHA512

    6204aa4ca50bce92916a8a4825101391a4abf76e5cd8a8eca2cdd4c80bfb461d176711e1878d9c5ab0f13fc509372655925938d7d2d780671c5ed61571f3498d

  • SSDEEP

    196608:YDxyHasJ4mcdeFdLAiqolsWoVsOaJFFUSrNGngbFQ59wb4tiVXNWBRpuR:YFGJ5cdeF+ifyyHPrqgbaTCPWBDuR

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 13 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • c8172e64861bb97e51fc9b5543ba55fe_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    e160ef8e55bb9d162da4e266afd9eef3


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/ButtonEvent.dll
    .dll windows:4 windows x86 arch:x86

    0ece15e7d9bb35972aec701f46192460


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/MyNsisExtend.dll
    .dll windows:4 windows x86 arch:x86

    0b0f6f2578ce650dcdda31f442fb709d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    8c8a576201f68de1a3f26fc723b9f30f


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    38e7b5c3ee58b43a91f9679e94aabd09


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsRandom.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $TEMP/$_9_/GMSkin_Image_2012_v1.zip
    .zip
  • skin.xml
  • skin/Thumbs.db
  • skin/icon1.png
    .png
  • skin/保存目录.png
    .png
  • skin/关闭.png
    .png
  • skin/协议背景.png
    .png
  • skin/卸载完成.png
    .png
  • skin/卸载完成按钮.png
    .png
  • skin/卸载背景.png
    .png
  • skin/取消.png
    .png
  • skin/图片背景框.png
    .png
  • skin/多选.png
    .png
  • skin/多选2.png
    .png
  • skin/安装.png
    .png
  • skin/安装01.png
    .png
  • skin/安装02.png
    .png
  • skin/安装03.png
    .png
  • skin/安装04.png
    .png
  • skin/安装协议.png
    .png
  • skin/安装完成.png
    .png
  • skin/安装完成按钮.png
    .png
  • skin/完成.png
    .png
  • skin/广告关闭.png
    .png
  • skin/底部背景.png
    .png
  • skin/开始安装.png
    .png
  • skin/按钮.png
    .png
  • skin/最小化.png
    .png
  • skin/最小化2.png
    .png
  • skin/格子.png
    .png
  • skin/欢迎.png
    .png
  • skin/浏览.png
    .png
  • skin/游戏弹出.png
    .png
  • skin/立即卸载.png
    .png
  • skin/软件弹出.png
    .png
  • skin/进度条.png
    .png
  • skin/进度条背景.png
    .png
  • skin/退出.png
    .png
  • skin/选项.png
    .png
  • skin/默认背景.png
    .png
  • $TEMP/$_9_/MyNsisSkin.dll
    .dll windows:4 windows x86 arch:x86

    8b2c18b411d31cbef33f61e5be07509a


    Headers

    Imports

    Exports

    Sections

  • $TEMP/$_9_/game.jpg
    .jpg
  • 7za.exe
    .exe windows:4 windows x86 arch:x86

    15847eb10d7d06dcd5980e8a9b786fd6


    Headers

    Imports

    Sections

  • ExeConfig.ini
  • Greening.dll
    .dll windows:6 windows x86 arch:x86

    66dd4cd47a25ca4dda9367864f4c1913


    Headers

    Imports

    Exports

    Sections

  • NsisPlugin.dll
    .dll windows:6 windows x86 arch:x86

    805da0dd95417c54a738367388b73e70


    Headers

    Imports

    Exports

    Sections

  • aq7z.dll
    .dll windows:6 windows x86 arch:x86

    c754325baab3e30ae04ade81a19fded9


    Headers

    Imports

    Exports

    Sections

  • aqhttp.dll
    .dll windows:6 windows x86 arch:x86

    9e6113e08a4e737e8d9ed8a18fecdd0c


    Headers

    Imports

    Exports

    Sections

  • flashplayer_10_sa_debug.exe
    .exe windows:5 windows x86 arch:x86

    7b79ac39f31a285f3182c031233d1a20


    Code Sign

    Headers

    Imports

    Sections

  • flashplayer_11_sa_debug_32bit.exe
    .exe windows:5 windows x86 arch:x86

    9d935320e17a06db6b40261fb63f7841


    Code Sign

    Headers

    Imports

    Sections

  • game.ico
  • uninst.exe.nsis
  • Խ֮ǹ޵а.exe
    .exe windows:4 windows x86 arch:x86

    677985dd414b6f56ecd6b5b040c4588e


    Headers

    Imports

    Sections

  • Խ֮ǹ޵а.swf