Overview

overview

6

Static

static

3

GSP药店�...��.exe

windows7-x64

3

GSP药店�...��.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

ButtonSkin.dll

windows7-x64

3

ButtonSkin.dll

windows10-2004-x64

3

LHT_mdibmp.dll

windows7-x64

3

LHT_mdibmp.dll

windows10-2004-x64

3

Update.exe

windows7-x64

3

Update.exe

windows10-2004-x64

3

dbmssocn.dll

windows7-x64

3

dbmssocn.dll

windows10-2004-x64

3

dbnetlib.dll

windows7-x64

3

dbnetlib.dll

windows10-2004-x64

3

dbnmpntw.dll

windows7-x64

3

dbnmpntw.dll

windows10-2004-x64

3

gsp.exe

windows7-x64

6

gsp.exe

windows10-2004-x64

3

libjcc.dll

windows7-x64

3

libjcc.dll

windows10-2004-x64

3

libjsybheap.dll

windows7-x64

3

libjsybheap.dll

windows10-2004-x64

3

menu_kit.dll

windows7-x64

3

menu_kit.dll

windows10-2004-x64

3

msmdbtool.exe

windows7-x64

6

msmdbtool.exe

windows10-2004-x64

3

pbdwe90.dll

windows7-x64

3

pbdwe90.dll

windows10-2004-x64

3

pbmss90.dll

windows7-x64

3

pbmss90.dll

windows10-2004-x64

3

pbodb90.dll

windows7-x64

3

pbodb90.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    eba7b5acb867d48e987f2afcae16d6f4_JaffaCakes118

  • Size

    5.1MB

  • MD5

    eba7b5acb867d48e987f2afcae16d6f4

  • SHA1

    691642c340a4967746c2b1749ec8d04a30a0b880

  • SHA256

    aadf991556a795c97c487c10848810645b2815d4f0aab9b87544dac5ecdf888c

  • SHA512

    d5f62414c02bc7509d13feabc8efb95638d432783fdca36c9a86ceef189390d5b0d56b7b89226e8789f3ade6252ad3e5b66d66b9e6506e1d389178393307419c

  • SSDEEP

    98304:TyTjmKwhM2Rea1NW6EJuf3kTeSmjqfku24oMYhWdqATRFlDMSmj:Qgx1lEXe3P3dUzk

Score
3/10

Malware Config

Signatures

  • Unsigned PE 20 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • eba7b5acb867d48e987f2afcae16d6f4_JaffaCakes118
    .rar
  • GSP药店管理系统.exe
    .exe windows:4 windows x86 arch:x86

    dfb06052e74b26a42b0e490bd1c07959


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • ButtonSkin.dll
    .dll windows:4 windows x86 arch:x86

    a760606a533af4814ef9283c1ca3b322


    Headers

    Imports

    Exports

    Sections

  • Config.ini
  • LHT_mdibmp.dll
    .dll windows:1 windows x86 arch:x86


    Headers

    Exports

    Sections

  • Update.exe
    .exe windows:4 windows x86 arch:x86

    62f205fe3d5e06c190cbad78ac9b9e4e


    Headers

    Imports

    Sections

  • app.pbd
  • basic.pbd
  • data/management.mdb
  • dbmssocn.dll
    .dll windows:4 windows x86 arch:x86

    0308deee9f67f74385166e56fb5d1431


    Headers

    Imports

    Exports

    Sections

  • dbnetlib.dll
    .dll windows:5 windows x86 arch:x86

    ad360252cbae41f069ad9fdc23286b74


    Headers

    Imports

    Exports

    Sections

  • dbnmpntw.dll
    .dll windows:5 windows x86 arch:x86

    55dad475c99479340c2fa22b29dc46e2


    Headers

    Imports

    Exports

    Sections

  • error.pbd
  • finance.pbd
  • gsp.exe
    .exe windows:4 windows x86 arch:x86

    62f205fe3d5e06c190cbad78ac9b9e4e


    Headers

    Imports

    Sections

  • gsp.exe.manifest
  • ico/Arrow-Left.ico
  • ico/Arrow-Right.ico
  • ico/Back.ico
  • ico/Download.ico
  • ico/Edit3.ico
  • ico/Error.ico
  • ico/Home.ico
  • ico/ICO.psd
  • ico/MEDICINE.ico
  • ico/MEDICINE1.ico
  • ico/Ok.ico
  • ico/Password.ico
  • ico/Password1.ico
  • ico/Public.ico
  • ico/Refresh.ico
  • ico/Search1.ico
  • ico/Thumbs.db
  • ico/Up.ico
  • ico/WRITE3.ICO
  • ico/aa.ico
  • ico/close.ico
  • ico/delete.ico
  • ico/down.gif
    .gif
  • ico/down.ico
  • ico/edit.ICO
  • ico/edit1.ICO
  • ico/end.ico
  • ico/excel.ico
  • ico/exit.ico
  • ico/find.ico
  • ico/find1.ico
  • ico/first.ico
  • ico/item.gif
    .gif
  • ico/kc.ico
  • ico/key.ico
  • ico/logo.ico
  • ico/money.ICO
  • ico/new.ico
  • ico/print.ico
  • ico/printer.ico
  • ico/report.ico
  • ico/save.ico
  • ico/setup.ico
  • ico/up.gif
    .gif
  • ico/user.gif
    .gif
  • ico/user.ico
  • libjcc.dll
    .dll windows:4 windows x86 arch:x86

    98596f3e5d37e9c19b26b7b51d9ef9fd


    Headers

    Imports

    Exports

    Sections

  • libjsybheap.dll
    .dll windows:4 windows x86 arch:x86

    cd185ae96e493c13224d6c93f6fa483f


    Headers

    Imports

    Exports

    Sections

  • main.exe.manifest
  • menu_kit.dll
    .dll windows:1 windows x86 arch:x86

    d1910d572b6bc416af5e05fafac1bf15


    Headers

    Imports

    Exports

    Sections

  • menu_kit.pbd
  • msmdbtool.exe
    .exe windows:4 windows x86 arch:x86

    62f205fe3d5e06c190cbad78ac9b9e4e


    Headers

    Imports

    Sections

  • msmdbtool.exe.manifest
  • myobject.pbd
  • pbdwe90.dll
    .dll windows:4 windows x86 arch:x86

    9798a64cf49f5c0685e7495494887d11


    Headers

    Imports

    Exports

    Sections

  • pbmss90.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    431a7249710495af97317169bd47d2c1


    Headers

    Imports

    Exports

    Sections

  • pbodb90.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    3fdbe0f48e44d352309e67103520410b


    Headers

    Imports

    Exports

    Sections

  • pbodb90.ini
  • pbtra90.dll
    .dll windows:4 windows x86 arch:x86

    a4643102e864b035ba999f124366793a


    Headers

    Imports

    Exports

    Sections

  • pbvm90.dll
    .dll windows:4 windows x86 arch:x86

    488a02bfb552cd3f3de7ad4be6b3e52c


    Headers

    Imports

    Exports

    Sections

  • sale.pbd
  • tool.pbd
  • ui.pbd
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    dfb06052e74b26a42b0e490bd1c07959


    Headers

    Imports

    Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    153027ec3b10bcea606b777657dd3402


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • 新云软件.url
    .url