Overview

overview

8

Static

static

3

d4de53d985...18.exe

windows7-x64

7

d4de53d985...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...iz.url

windows7-x64

6

$SMPROGRAM...iz.url

windows10-2004-x64

3

$TEMP/inst..._x.exe

windows7-x64

8

$TEMP/inst..._x.exe

windows10-2004-x64

8

$PLUGINSDI...ay.dll

windows7-x64

3

$PLUGINSDI...ay.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Flash9e.dll

windows7-x64

3

Flash9e.dll

windows10-2004-x64

3

FlashUtil9e.exe

windows7-x64

3

FlashUtil9e.exe

windows10-2004-x64

3

$TEMP/inst..._x.msi

windows7-x64

6

$TEMP/inst..._x.msi

windows10-2004-x64

6

Inmarket.biz.url

windows7-x64

6

Inmarket.biz.url

windows10-2004-x64

3

License.rtf

windows7-x64

4

License.rtf

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    d4de53d98500b3948b271922e6ba50b2_JaffaCakes118

  • Size

    6.3MB

  • MD5

    d4de53d98500b3948b271922e6ba50b2

  • SHA1

    66d6d73ea48c3f41a198728b700181cf5ecc14e6

  • SHA256

    d313f870025e8fcdb75818030e79afb4867e25e8b03f2721f6ebc22e130bf1d2

  • SHA512

    a7cf11df1b34ce024eecfb0df7666848eb88cb0843155dceca08e33280a3fe996030c1c9b9bc77510d3a8929a31f09cb518593779949b0ca03160613f6946ada

  • SSDEEP

    196608:bTZeZlF6iOYoM8pIdrohhzYiboPa4+8looqWLcwIO:bGlFqYrwoi03lZqWH7

Score
3/10

Malware Config

Signatures

  • Unsigned PE 11 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 3 IoCs
    installer

Files

  • d4de53d98500b3948b271922e6ba50b2_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    b2a0d9368ec1be7deb968a920e5c993e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86

    7868cd55f358bfb360f9eb8ce1512ca0


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $SMPROGRAMS/$_2_/Inmarket.biz.url
  • $TEMP/install_flash_player_active_x.exe
    .exe windows:4 windows x86 arch:x86

    f14903f539cc8667478f89ca4497258f


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/NSISArray.dll
    .dll windows:4 windows x86 arch:x86

    91596216b99c852af6e0fb1fe8192de4


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    48cfa0ea7e353e4a7dd23572da8374ef


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/fpinstall.dll
    .dll windows:4 windows x86 arch:x86

    4bb7026bcfe942cdf23b6f661ad54f48


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    238a16a49edf3ab59e2f8c89449c9af7


    Headers

    Imports

    Exports

    Sections

  • Flash9e.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86

    4b3db273ae1073c5fb8f343f4f754869


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FlashUtil9e.exe
    .exe windows:4 windows x86 arch:x86

    a9d79d340821ec352051fcf0138d0a55


    Code Sign

    Headers

    Imports

    Sections

  • uninstall_activeX.exe.nsis
  • $TEMP/install_flash_player_active_x.msi
    .msi
  • Inmarket.biz.url
  • License.rtf
    .rtf
  • Navigator.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • plugins/0/start/1.html
  • plugins/0/start/11.html
  • plugins/0/start/12.html
  • plugins/0/start/13.html
  • plugins/0/start/14.html
  • plugins/0/start/15.html
  • plugins/0/start/16.html
  • plugins/0/start/17.html
  • plugins/0/start/18.html
  • plugins/0/start/19.html
  • plugins/0/start/arrow-back.gif
    .gif
  • plugins/0/start/arrow.gif
    .gif
  • plugins/0/start/bg.jpg
    .jpg
  • plugins/1/start/1.html
  • plugins/1/start/11.html
  • plugins/1/start/12.html
  • plugins/1/start/13.html
  • plugins/1/start/14.html
  • plugins/1/start/15.html
  • plugins/1/start/16.html
  • plugins/1/start/17.html
  • plugins/1/start/18.html
  • plugins/1/start/19.html
  • plugins/1/start/arrow-back.gif
    .gif
  • plugins/1/start/arrow.gif
    .gif
  • plugins/1/start/bg.jpg
    .jpg
  • plugins/2/start/1.html
  • plugins/2/start/11.html
  • plugins/2/start/12.html
  • plugins/2/start/13.html
  • plugins/2/start/14.html
  • plugins/2/start/15.html
  • plugins/2/start/16.html
  • plugins/2/start/17.html
  • plugins/2/start/18.html
  • plugins/2/start/19.html
  • plugins/2/start/arrow-back.gif
    .gif
  • plugins/2/start/arrow.gif
    .gif
  • plugins/2/start/bg.jpg
    .jpg
  • uninstall.exe
    .exe windows:4 windows x86 arch:x86

    b2a0d9368ec1be7deb968a920e5c993e


    Headers

    Imports

    Sections