destroy
getWindow
show
General
-
Target
eb14a9f31ace8f83ed286bdbd8c65e1c_JaffaCakes118
-
Size
4.0MB
-
MD5
eb14a9f31ace8f83ed286bdbd8c65e1c
-
SHA1
30c2a3becc2b32817347cfff5d1d4c02811a2831
-
SHA256
2d3643ee84b44bdae847583b92835789d7976949bc7acd6c6e1d4be9b2df0c70
-
SHA512
340b95196949d8bb6e96a49d398e131b6766b3a7154cb1af694d7dae03767ad938ca9eda0752c74b3345e27c68b66085acbc29074456a6aa4a60a3d23cfebf25
-
SSDEEP
98304:GXZrF0CO8afC/wcWlDDQHoo2U4GInlPUPwqThLjYrQiu:GXW8gCYcOhGGsPRhYrQiu
Score
9/10
Malware Config
Signatures
-
Detected Nirsoft tools 5 IoCs
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 48 IoCs
Checks for missing Authenticode signature.
-
NSIS installer 1 IoCs
Files
-
eb14a9f31ace8f83ed286bdbd8c65e1c_JaffaCakes118
Headers
Sections
-
$0/023.dat
-
$0/023v.dat
-
$0/023w7.dat
-
$0/AWF.cmd
-
$0/AppDataFile.cfx
-
$0/AppDataFolder.cfx
-
$0/Assoc.cmd
-
$0/Auto-RC.cmd
-
$0/Boot-Rk.cmd
-
$0/Boot.bat
-
$0/BootDrv.vbs
-
$0/CF-Script.cmd
-
$0/CSet.cmd
-
$0/Catch-sub.cmd
-
$0/Combo-Fix.sys
Headers
Sections
-
$0/ComboFix-Download.3XE
Headers
Sections
-
$0/Combobatch.bat
-
$0/Create.cmd
-
$0/Creg.dat
-
$0/CregC.cmd
-
$0/CregC.dat
-
$0/DPF.str
-
$0/DelClsid.bat
-
$0/DelClsid64.bat
-
$0/DesktopFile.cfx
-
$0/Dnl.dat
-
$0/DrvRun.vbs
-
$0/EN-US/iexplore.exe
0b9ca80ff295945b3cf5762a07ef3d50
Headers
Imports
Sections
-
$0/ERDNT.e_e
Headers
Sections
-
$0/ERDNTDOS.LOC
-
$0/ERDNTWIN.LOC
-
$0/ERUNT.3XE
Headers
Sections
-
$0/ERUNT.LOC
-
$0/Exe.reg
-
$0/FD-SV.cmd
-
$0/FIND3M.bat
-
$0/FIXLSP.bat
-
$0/FKMGen.cmd
-
$0/FavoriteFolder.cfx
-
$0/FavoritesFile.cfx
-
$0/FileKill.3XE
Headers
Sections
-
$0/Fin.dat
-
$0/GetHive.cmd
-
$0/Imefile.dat
-
$0/Install-RC.cmd
-
$0/Kill-All.cmd
-
$0/Ksvchost.vbs
-
$0/Lang.bat
-
$0/License/Curl - license.txt
-
$0/License/EXTRACT.TXT
-
$0/License/FI - license.txt
-
$0/License/UnxUtilsDist.com
-
$0/License/UnxUtilsDist.html
-
$0/License/UnxUtilsDist.pif
-
$0/License/Zip - license.txt
-
$0/License/dumphive-license.txt
-
$0/License/firefox.exe
09d0478591d4f788cb3e5ea416c25237
Headers
Imports
Sections
-
$0/License/iexplore.exe
09d0478591d4f788cb3e5ea416c25237
Headers
Imports
Sections
-
$0/License/mtee.txt
-
$0/License/ncmd.cfxxe
-
$0/License/pv_5_2_2.zip
-
pv.exe
8839be4e39be293b659bfa988210ebfa
Headers
Imports
Sections
-
pv.txt
-
$0/License/streamtools.zip
-
CS.exe
f398be39025828d3564ecb42ebba5dc1
Headers
Imports
Sections
-
DS.exe
3a4f4ffe0235b238623dbfdc406cb613
Headers
Imports
Sections
-
FS.bat
-
LS.exe
260f2d6b4b372c3976adb4866014670f
Headers
Imports
Sections
-
RS.bat
-
SF.exe
fa302e2d11235d136fef4e8823119994
Headers
Imports
Sections
-
SFs.bat
-
readme.txt
-
$0/List-B.bat
-
$0/List-C.bat
-
$0/List-D.bat
-
$0/List.bat
-
$0/LocalAppDataFile.cfx
-
$0/LocalAppDataFolder.cfx
-
$0/LocalService.dat
-
$0/LocalServiceNetworkRestricted.dat
-
$0/LocalSettingsFile.cfx
-
$0/LocalSystemNetworkRestricted.dat
-
$0/MoveIt.bat
-
$0/ND_.bat
-
$0/ND_64.bat
-
$0/NT-OS.cmd
-
$0/NetworkService.dat
-
$0/NirCmd.3XE
Headers
Sections
-
$0/NirCmd.chm
-
$0/NirCmdC.3XE
Headers
Sections
-
$0/NirScript.dat
-
$0/OSid.vbs
-
$0/P.cmd
-
$0/PersonalFile.cfx
-
$0/PersonalFolder.cfx
-
$0/Policies.dat
-
$0/Prep.inf
-
$0/ProfilesFile.cfx
-
$0/ProfilesFolder.cfx
-
$0/ProgramsFile.cfx
-
$0/ProgramsFolder.cfx
-
$0/Purity.dat
-
$0/RCLink.dat
-
$0/REGDACL.sed
-
$0/RegDo.sed
-
$0/RegScan.cmd
-
$0/RegScan64.cmd
-
$0/Rkey.cmd
-
$0/Rust.str
-
$0/SRestore.cmd
-
$0/Safeboot.def.w7.dat
-
$0/SetEnvmt.bat
-
$0/SnapShot.cmd
-
$0/StartMenuFile.cfx
-
$0/StartMenuFolder.cfx
-
$0/StartUpFile.cfx
-
$0/SuppScan.cmd
-
$0/SvcDrv.vbs
-
$0/TemplatesFile.cfx
-
$0/TemplatesFolder.cfx
-
$0/Update-CF.cmd
-
$0/VINFO3
-
$0/VInfo
-
$0/VInfo2
-
$0/Vipev.dat
-
$0/VwinTemp.dacl
-
$0/Wmi_rem.vbs
-
$0/XPSBoot.reg
-
$0/appinit.bad
-
$0/asp.str
-
$0/av.cmd
-
$0/av.vbs
-
$0/badclsid.c
-
$0/c.bat
-
$0/catchme.3XE
Headers
Sections
-
$0/clsid.c
-
$0/dd.3XE
64d9aef39f523506361ff18b89009f8e
Headers
Imports
Sections
-
$0/ddsDo.sed
-
$0/dumphive.3XE
Headers
Sections
-
$0/embedded.sed
-
$0/extract.3XE
8e25b5eb3246f3f49ae2691af0c048a9
Headers
Imports
Sections
-
$0/ffdefstr.dll
-
$0/files.pif
-
$0/firefox.exe
Headers
Sections
-
$0/fl0.bat
-
$0/grep.3XE
c97b49126e50ac1ce7b74b693d30c071
Headers
Imports
Sections
-
$0/gsar.3XE
1e717a96b171e93af08d308d792e2988
Headers
Imports
Sections
-
$0/handle.3XE
Headers
Sections
-
$0/hidec.3XE
0b9ca80ff295945b3cf5762a07ef3d50
Headers
Imports
Sections
-
$0/history.bat
-
$0/hwid.pif
-
$0/iexplore.exe
Headers
Sections
-
$0/image001.gif
-
$0/katch.cmd
-
$0/lnkread.vbs
-
$0/mbr.3XE
Headers
Sections
-
$0/mbr.chk
-
$0/md5sum.pif
-
$0/md5sum00.pif
-
$0/mtee.3XE
82221724921e808aa6400fa8d9c34ee4
Headers
Imports
Sections
-
$0/n.pif
Headers
Sections
-
$0/ncmd.com
-
$0/ndis_combofix.dat
-
$0/netsvc.bad.dat
-
$0/netsvc.dat
-
$0/netsvc.vista.dat
-
$0/netsvc.xp.dat
-
$0/pausep.3XE
Headers
Sections
-
$0/pev.3XE
09d0478591d4f788cb3e5ea416c25237
Headers
Imports
Sections
-
$0/pevb.3XE
09d0478591d4f788cb3e5ea416c25237
Headers
Imports
Sections
-
$0/powp.dat
-
$0/pv.com
8839be4e39be293b659bfa988210ebfa
Headers
Imports
Sections
-
$0/region.dat
-
$0/restore_pt.vbs
-
$0/rmbr.3XE
Headers
Sections
-
$0/rogues.dat
-
$0/run2.sed
-
$0/s0rt.3XE
9653f3d648c148b092db8db2f905dab5
Headers
Imports
Sections
-
$0/safeboot.dat
-
$0/safeboot.def.dat
-
$0/safeboot.def.vista.dat
-
$0/sed.3XE
1cee480ebd694271852212fe8916758c
Headers
Imports
Sections
-
$0/setpath.3XE
Headers
Sections
-
$0/srizbi.md5
-
$0/svc_wht.dat
-
$0/svchost.dat
-
$0/svchost.vista.dat
-
$0/svchost.vista.x64.dat
-
$0/svchost.w7.dat
-
$0/svchost.w7.x64.dat
-
$0/swreg.3XE
Headers
Sections
-
$0/swsc.3XE
Headers
Sections
-
$0/swxcacls.3XE
Headers
Sections
-
$0/system_ini.dat
-
$0/tail.3XE
c64fd2e23cff0a336f8eb4a43944d4d4
Headers
Imports
Sections
-
$0/toolbar.sed
-
$0/vistaMcode.dat
-
$0/vistareg.dat
-
$0/vun.dat
-
$0/w2k_sock.dll
-
$0/w2kreg.dat
-
$0/w7Mcode.dat
-
$0/w7reg.dat
-
$0/w_sock.dll
-
$0/xpmcode.dat
-
$0/xpreg.dat
-
$0/zDomain.dat
-
$0/zhsvc.dat
-
$0/zip.3XE
96d53cbe726033acccdb834558b71d97
Headers
Imports
Sections
-
$PLUGINSDIR/Banner.dll
7a3709b093081d5614be1eaa2fe7fe76
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/ExecCmd.dll
bf44c9fb48bb8c36b3e2527e7252350d
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/System.dll
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/UserInfo.dll
afa8e526425f3585465337467d0b5909
Headers
Imports
Exports
Sections
-
$PLUGINSDIR/nsExec.dll
d83f71e61ee459ee63ca3e829966a9dc
Headers
Imports
Exports
Sections
-
out.upx
Headers
Sections