Overview

overview

7

Static

static

3

ec0d69206a...18.exe

windows7-x64

7

ec0d69206a...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PROGRAMFI...le.exe

windows7-x64

6

$PROGRAMFI...le.exe

windows10-2004-x64

6

$PROGRAMFI...le.exe

windows7-x64

3

$PROGRAMFI...le.exe

windows10-2004-x64

3

$PROGRAMFI...sh.exe

windows7-x64

3

$PROGRAMFI...sh.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    ec0d69206ae3a75cbcea7cba27398764_JaffaCakes118

  • Size

    2.9MB

  • MD5

    ec0d69206ae3a75cbcea7cba27398764

  • SHA1

    bf433a83c1241d348541e7f15ff2d94fb14a1825

  • SHA256

    6d8c7f0697097f70d301532b951516c4c55456a55c6e3053e3347ee8e19c6f88

  • SHA512

    1c1d3d6814d0ea52c7b25595c3629ab31bcf22f161869e7e33f46b2c3fb3be0d4b43e87a42b7b9ef979eb6d136c4ba3232204f0679f063e82daf0f596ff2a8a8

  • SSDEEP

    49152:XbU7yypns9v1dRGYNmSNMDnSIf/8AglUxo1cdqUA/zvSPtkp5EHEkz9VK+BOq+8q:XIjpWv1dwmDNM/8AKJcdqtzvwtkLXkzk

Score
3/10

Malware Config

Signatures

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • ec0d69206ae3a75cbcea7cba27398764_JaffaCakes118
    .exe windows:5 windows x86 arch:x86

    32f3282581436269b3a75b6675fe3e08


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:5 windows x86 arch:x86

    e981c0ab92cb1f191bb5e23392e14796


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:5 windows x86 arch:x86

    45d25ca52c312b2254c60dbcb30342d1


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:5 windows x86 arch:x86

    9ea5bdc8c90dfcffe309465c26c89758


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsExec.dll
    .dll windows:5 windows x86 arch:x86

    8700d0ebbb41c81ea52718af1ab70a93


    Headers

    Imports

    Exports

    Sections

  • $PROGRAMFILES/OneSystemCare/$APPDATA/One System Care/Languages/English.xml
  • $PROGRAMFILES/OneSystemCare/$PROGRAMFILES/OneSystemCare/SystemConsole.exe
    .exe windows:5 windows x86 arch:x86

    82b5e6aba6fb46d8b21ed118157901bc


    Code Sign

    Headers

    Imports

    Sections

  • $PROGRAMFILES/OneSystemCare/CleanupConsole.exe
    .exe windows:5 windows x86 arch:x86

    511a8da31c49a9dffeb77c814dcdaf22


    Code Sign

    Headers

    Imports

    Sections

  • $PROGRAMFILES/OneSystemCare/SystemCash.exe
    .exe windows:5 windows x86 arch:x86

    849aaf6b8ffadd9a075f3c6b80e9e685


    Code Sign

    Headers

    Imports

    Sections

  • $R9