Overview

overview

7

Static

static

7

vpnclient/28ip.html

windows7-x64

3

vpnclient/28ip.html

windows10-2004-x64

3

vpnclient/gonggao.htm

windows7-x64

3

vpnclient/gonggao.htm

windows10-2004-x64

3

vpnclient/ip.html

windows7-x64

3

vpnclient/ip.html

windows10-2004-x64

3

vpnclient/ssm.html

windows7-x64

3

vpnclient/ssm.html

windows10-2004-x64

3

vpnclient/top.htm

windows7-x64

3

vpnclient/top.htm

windows10-2004-x64

3

vpnclient/...p.html

windows7-x64

3

vpnclient/...p.html

windows10-2004-x64

3

vpnclient2/28vpn.exe

windows7-x64

7

vpnclient2/28vpn.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2...ao.htm

windows7-x64

3

vpnclient2...ao.htm

windows10-2004-x64

3

vpnclient2/top.htm

windows7-x64

3

vpnclient2/top.htm

windows10-2004-x64

3

top.htm

windows7-x64

3

top.htm

windows10-2004-x64

3

vpnclient2...t2.lnk

windows7-x64

3

vpnclient2...t2.lnk

windows10-2004-x64

6

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    debf1a6e4fb720247d2b614b4c6990f1_JaffaCakes118

  • Size

    1.9MB

  • MD5

    debf1a6e4fb720247d2b614b4c6990f1

  • SHA1

    9511196501e82e7de0d9d5d2c507b5db7084b746

  • SHA256

    7165fc143a4ac0d0fd3bfffd78430e900f5707ee6de9651820add9ca3ea469bc

  • SHA512

    adc942241e8e52e19937b4cb8fd4de56e3f2af3dad345bce018c7302314897871a02b7d456c70b0796dccb13bc7a6e797d1fb5270b3b6635d58c60afd4f6725c

  • SSDEEP

    49152:a3mWCgCYjyVcX7PNNBpjBlqAwRmhEFiPF2hzDNXzO/0uetGL7:a3mWayTX7lpqAsFiMhnNDI

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • debf1a6e4fb720247d2b614b4c6990f1_JaffaCakes118
    .rar
  • vpnclient/28ip.html
  • vpnclient/gonggao.htm
    .html
  • vpnclient/images/Thumbs.db
  • vpnclient/images/gonggao.gif
    .gif
  • vpnclient/images/khd.css
  • vpnclient/images/wenzi_1.jpg
    .jpg
  • vpnclient/images/wenzi_2.jpg
    .jpg
  • vpnclient/images/wenzi_bt.jpg
    .jpg
  • vpnclient/images/wenzi_left.jpg
    .jpg
  • vpnclient/images/zhuce.gif
    .gif
  • vpnclient/ip.html
  • vpnclient/ssm.html
    .html .js polyglot
  • vpnclient/top.htm
    .html
  • vpnclient/toppic.jpg
    .jpg
  • vpnclient/toppic222.jpg
    .gif
  • vpnclient/vpnlist.txt
  • vpnclient/vpnlisten.txt
  • vpnclient/youyou.ico
  • vpnclient/yyvpnip.html
  • vpnclient/新建 文本文档.txt
  • vpnclient2/28vpn.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • vpnclient2/28vpn_en_5.0.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • vpnclient2/28vpn_zh_5.0.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • vpnclient2/gonggao.htm
    .html
  • vpnclient2/images/1.gif
    .gif
  • vpnclient2/images/2.gif
    .gif
  • vpnclient2/images/3.gif
    .gif
  • vpnclient2/images/Thumbs.db
  • vpnclient2/images/gonggao.gif
    .gif
  • vpnclient2/images/khd.css
  • vpnclient2/images/wenzi_1.jpg
    .jpg
  • vpnclient2/images/wenzi_2.jpg
    .jpg
  • vpnclient2/images/wenzi_bt.jpg
    .jpg
  • vpnclient2/images/wenzi_left.jpg
    .jpg
  • vpnclient2/images/zhuce.gif
    .gif
  • vpnclient2/top.htm
    .html
  • vpnclient2/top.rar
    .rar
  • top.htm
    .html
  • vpnclient2/toppic88888.jpg
    .gif
  • vpnclient2/vpnclient2.lnk
    .lnk
  • vpnclient2/vpnlist.txt
  • vpnclient2/vpnlisten.txt
  • vpnclient2/youyou.ico
  • vpnclient2/复件 (2) top.htm
    .html
  • vpnclient2/复件 top.htm
    .html