Overview

overview

7

Static

static

7

mpcrmsetup.exe

windows7-x64

7

mpcrmsetup.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

SWind.dll

windows7-x64

3

SWind.dll

windows10-2004-x64

3

client/index.html

windows7-x64

3

client/index.html

windows10-2004-x64

3

client/vie.../js.js

windows7-x64

3

client/vie.../js.js

windows10-2004-x64

3

client/vie...st.htm

windows7-x64

3

client/vie...st.htm

windows10-2004-x64

3

client/vie...in.htm

windows7-x64

3

client/vie...in.htm

windows10-2004-x64

3

client/vie...in.htm

windows7-x64

3

client/vie...in.htm

windows10-2004-x64

3

client/vie...enu.js

windows7-x64

3

client/vie...enu.js

windows10-2004-x64

3

client/view/list.exe

windows7-x64

3

client/view/list.exe

windows10-2004-x64

3

funnel.htm

windows7-x64

3

funnel.htm

windows10-2004-x64

3

mpcrm.dll

windows7-x64

1

mpcrm.dll

windows10-2004-x64

1

mpcrm.exe

windows7-x64

3

mpcrm.exe

windows10-2004-x64

3

mpsoftup.exe

windows7-x64

3

mpsoftup.exe

windows10-2004-x64

7

mpweb.exe

windows7-x64

3

mpweb.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ebbfa0ce75e8dd2ca2544575bc40e170_JaffaCakes118

  • Size

    14.2MB

  • MD5

    ebbfa0ce75e8dd2ca2544575bc40e170

  • SHA1

    b7f76dce06f64cb1eb0f8433688b9b73101a2ec3

  • SHA256

    5cbc9b548f34c542cb9771fb1bde9c2833aa2e942fc003f2a7e12aba70e326e2

  • SHA512

    1920682926719f2efe738911b97ad212dcd874604e81c6b354d76ffdcc86fface80a4f1c4454adbb4565c4f33eb1ffb7b01a5a8e16357b5115c8911f15088e1d

  • SSDEEP

    393216:4o1JhjKJNaAseCN0VI+RQDXbi29aUt2XF158YJt0nJ1e6uDK:B3OyeC8QDXPnuJt0JQ6x

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Unsigned PE 9 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • ebbfa0ce75e8dd2ca2544575bc40e170_JaffaCakes118
    .rar
  • mpcrmsetup.exe
    .exe windows:4 windows x86 arch:x86

    9632e80596371cfa7f563f680f3c4498


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    3764e6c387ce3c76b39936a24d523dce


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/advsplash.dll
    .dll windows:4 windows x86 arch:x86

    41e025c99a5f731479582ce64a2527f4


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMP/spltmp.bmp
  • SWind.dll
    .dll windows:4 windows x86 arch:x86

    77472420329c28b3c0e01e2c5e741ed3


    Headers

    Imports

    Exports

    Sections

  • client/index.html
    .html
  • client/view/default/admin_bg_1.gif
    .gif
  • client/view/default/arrow_r.gif
    .gif
  • client/view/default/banner.gif
    .gif
  • client/view/default/banner1.gif
    .gif
  • client/view/default/blank.gif
    .gif
  • client/view/default/gray_banr.gif
    .gif
  • client/view/default/js.js
    .js
  • client/view/default/list.htm
    .html
  • client/view/default/login.htm
    .html
  • client/view/default/loginbg.jpg
    .jpg
  • client/view/default/loginbg1.jpg
    .jpg
  • client/view/default/logo.gif
    .gif
  • client/view/default/main.css
  • client/view/default/main.htm
    .html
  • client/view/default/menu.js
  • client/view/default/navspacer.gif
    .gif
  • client/view/list.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • data/crm2.mdb
  • data/mpdata.mdb
  • data/postnum.txt
  • data/teldata.mdb
  • funnel.htm
    .html
  • help/about.jpg
    .jpg
  • help/before.gif
    .gif
  • help/boxset.jpg
    .jpg
  • help/clip0001.gif
  • help/clip0002.gif
  • help/clip0003.gif
  • help/clip0004.gif
  • help/clip0005.gif
  • help/clip0006.gif
  • help/clip0007.gif
  • help/clip0008.gif
  • help/clip0009.gif
  • help/clip0010.gif
  • help/clip0011.gif
  • help/clip0012.gif
  • help/clip0013.gif
  • help/clip0014.gif
  • help/clip0016.gif
  • help/clip0018.gif
  • help/clip0019.gif
  • help/clip0020.gif
  • help/clip0021.gif
  • help/clip0022.gif
  • help/clip0023.gif
  • help/crm01.jpg
    .jpg
  • help/crm02.jpg
    .jpg
  • help/crm03.jpg
    .jpg
  • help/crm04.jpg
    .jpg
  • help/crm05.jpg
    .jpg
  • help/crm06.jpg
    .jpg
  • help/crm07.jpg
    .jpg
  • help/crm08.jpg
    .jpg
  • help/crm09.jpg
    .jpg
  • help/crm10.jpg
    .jpg
  • help/crm11.jpg
    .jpg
  • help/crm12.jpg
    .jpg
  • help/crm13.jpg
    .jpg
  • help/crm14.jpg
    .jpg
  • help/crm15.jpg
    .jpg
  • help/crm16.jpg
    .jpg
  • help/crm17.jpg
    .jpg
  • help/crm18.jpg
    .jpg
  • help/crm19.jpg
    .jpg
  • help/crm20.jpg
    .jpg
  • help/crm21.jpg
    .jpg
  • help/crm22.jpg
    .jpg
  • help/crm23.jpg
    .jpg
  • help/crm24.jpg
    .jpg
  • help/crm25.jpg
    .jpg
  • help/crm26.jpg
    .jpg
  • help/crm27.jpg
    .jpg
  • help/crm28.jpg
    .jpg
  • help/crm29.jpg
    .jpg
  • help/crm30.jpg
    .jpg
  • help/crm31.jpg
    .jpg
  • help/crm32.jpg
    .jpg
  • help/funnel1.jpg
    .jpg
  • help/funnel2.jpg
    .jpg
  • help/funnel3.jpg
    .jpg
  • help/funnel4.jpg
    .jpg
  • help/rjdj.gif
    .gif
  • help/rjqy.gif
    .gif
  • mpcrm.dll
  • mpcrm.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • mpsoftup.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • mpsoftup.ini
  • mpweb.exe
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • readme.htm
    .html
  • report/crmaddfb.rep
  • report/crmcon.rep
  • report/crmflow.rep
  • report/crmgoinfo.rep
  • report/crmgoinfo1.rep
  • report/crmhap.rep
  • report/crminc.rep
  • report/crminfo.rep
  • report/crminfo1.rep
  • report/crmlog.rep
  • report/crmlrsell.rep
  • report/crmnear.rep
  • report/crmquery.rep
  • report/crmrela.rep
  • report/crmsell.rep
  • report/crmsells.rep
  • report/crmstop.rep
  • report/crmwake.rep
  • report/departlr.rep
  • report/elrsell.rep
  • report/empflow.rep
  • report/empwork.rep
  • report/encomp.rep
  • report/esell.rep
  • report/etxinfo.rep
  • report/etxm.rep
  • report/ework.rep
  • report/funnel.rep
  • report/gdInBack.rep
  • report/goodsinfo.rep
  • report/goreturn.rep
  • report/gosell.rep
  • report/hissell1.rep
  • report/hissell2.rep
  • report/infile.rep
  • report/linkman.rep
  • report/mailbox.rep
  • report/mback.rep
  • report/moment.rep
  • report/prodet.rep
  • report/profollow.rep
  • report/prolr.rep
  • report/prosell.rep
  • report/prosum.rep
  • report/qback.rep
  • report/sellhap.rep
  • report/sells.rep
  • report/spro.rep
  • report/userinfo.rep
  • report/works.rep
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    9632e80596371cfa7f563f680f3c4498


    Headers

    Imports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • 新云软件.url
    .url