General

  • Target

    de917f864889257a83ec00547d9318e6_JaffaCakes118

  • Size

    733KB

  • MD5

    de917f864889257a83ec00547d9318e6

  • SHA1

    27f6ea6ff7a8eeb4f36ee15fbad5f2705c5a2122

  • SHA256

    e9c498d85d77aed072223bb43cff5863498418b0f7b699086b606e0ae7491268

  • SHA512

    c89dee4b4038b501787c4d96021ec6522f600c57b9f12b07fb2656e038b22c772d0968b3b42c2468740dc495f7f9fc6bfa30978049d703ff8f1702945709b5c0

  • SSDEEP

    12288:I7+w30k75yhQOVH6Oy4uAzZNwHU6VRu6oRGacCi21H8ETNw4FmXLvuwbs:FwZ75yZVHk4rZWHUURuTRGWi21cawV7u

Score
7/10

Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (6 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • de917f864889257a83ec00547d9318e6_JaffaCakes118
    .rar
  • NotesPro.exe
    .exe windows:4 windows x86 arch:x86

    MD5: 18bc6fa81e19f21156316b1ae696ed6b

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    MD5: 57354bdeea3dfae6e948101add87501a

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • NotesPC.exe
    .exe windows:4 windows x86 arch:x86

    MD5: 16aa8d3e5a0e2e3515ebe8205644fcf3

  • Overview-Secure-Notes.pdf
    .pdf
    • http://www.softx.org/
    • http://www.softx.org/secure_notes_manual/contents.html

  • PocketPC/Notes.ini
  • PocketPC/Setup.CAB
    .cab
  • 000Setup.000
  • 0NotesCE.001
  • _setup.xml
  • Secure-Notes-Manual.chm
    .chm
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    MD5: 18bc6fa81e19f21156316b1ae696ed6b

  • patch/secure.notes.3.1-patch.exe
    .exe windows:4 windows x86 arch:x86
  • out.upx
    .exe windows:4 windows x86 arch:x86
  • 下载说明.htm
    .html .js polyglot