General

  • Target

    e22cab6dd53b2cbba41ba9d1595836e3_JaffaCakes118

  • Size

    9.8MB

  • MD5

    e22cab6dd53b2cbba41ba9d1595836e3

  • SHA1

    cd4198970b42fc91b7f46c62a6c5a21790c9520d

  • SHA256

    e4b7bcb99c192f64d4e6c3edabd664fc9ebe878910cf34cd835c7460cf975d97

  • SHA512

    88acfc983025a317fe2214fd683016cd1878cb60b920323f116aa42d86709e23624bf195e59cd48727713d00fad7d2cd6ebe14c0ccde87bedea9452e01ee97d3

  • SSDEEP

    196608:VelOL9o8QKUzQqqUGmRC6Lokq6552O2Km1wO00oG5pTlFlXVCpyt1WOmqER2Nz:kOKHdzqBTJsZDOtlTlFlnt0Ozi21

Score
7/10


Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • VMProtect packed file (1 IoC)

    Detects executables packed with VMProtect commercial packer.

  • Unsigned PE (6 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • e22cab6dd53b2cbba41ba9d1595836e3_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    3abe302b6d9a1256e6a915429af4ffd2



  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    610235b90207a63ccf481f0d4375d329



  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • FM_Client.dll
    .exe windows:5 windows x86 arch:x86

    b47d036daf83b20f8730c1eb82ae10be



  • Fts32.dll
    .dll windows:4 windows x86 arch:x86

    c5bcfd7c98611bd84ab7b58a012f48ee



  • WhatsNew.rtf
    .rtf
  • fm_client.chm
    .chm
  • fm_client.exe
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86



  • fm_client.ini