Overview

overview

10

Static

static

3

HA_SendLin...re.exe

windows7-x64

7

HA_SendLin...re.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/Assi...fy.exe

windows7-x64

8

$TEMP/Assi...fy.exe

windows10-2004-x64

8

$R0.dll

windows7-x64

8

$R0.dll

windows10-2004-x64

8

Assist/$R0.dll

windows7-x64

6

Assist/$R0.dll

windows10-2004-x64

6

$TEMP/DUDU_HH.exe

windows7-x64

10

$TEMP/DUDU_HH.exe

windows10-2004-x64

10

SendLink.exe

windows7-x64

3

SendLink.exe

windows10-2004-x64

3

SendLink.url

windows7-x64

6

SendLink.url

windows10-2004-x64

3

SendLog.html

windows7-x64

3

SendLog.html

windows10-2004-x64

3

SlideShow.html

windows7-x64

3

SlideShow.html

windows10-2004-x64

1

Support.url

windows7-x64

5

Support.url

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ecc952f6900284b23aeb2f2c02d08ba4_JaffaCakes118

  • Size

    470KB

  • MD5

    ecc952f6900284b23aeb2f2c02d08ba4

  • SHA1

    c109f7caa0aeae6e7ba464d6b12d2e6fc8ebea62

  • SHA256

    8109b2fe6fe61eec679d059c1e553c20777dde2b6b8200ce3bdf57b2f2068bf5

  • SHA512

    3fc457dde4694a0f4f83bcb641d965ae5c82cbc04d30f55f931a2c140486c3b18049b37fb7532c05897ff2285cc5cfd7329e286fc1709a704811c2e36abf6e92

  • SSDEEP

    6144:w8TCDgy82yhZHzSky3XE8V22dl192Bjpdvitf8LuBToP126xHe0K/rUHLM:hFJLHzSky3jV5dl192BABM1261eDKg

Score
3/10

Malware Config

Signatures

  • Unsigned PE 12 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 3 IoCs
    installer

Files

  • ecc952f6900284b23aeb2f2c02d08ba4_JaffaCakes118
    .zip
  • HA_SendLink191_Fire.exe
    .exe windows:4 windows x86 arch:x86

    1bed3305885b0ca596d9cbba22baf78a


    Headers

    Imports

    Sections

  • $PLUGINSDIR/CustomPage.ini
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    9d433976e02d79532f0d635ee81d0b20


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Splash.dll
    .dll windows:4 windows x86 arch:x86

    dfca8f6698c93c9475bec373d99a1efd


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Splash_logo-2.BMP
  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86

    7d85f9c30f9e87a65fff848de2c96ac1


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/bgm_ʮ.mid
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMP/Assist_hanzify.exe
    .exe windows:4 windows x86 arch:x86

    b711f65a9aff6a22fb2f57f0ac8bda33


    Headers

    Imports

    Sections

  • $R0
    .dll regsvr32 windows:4 windows x86 arch:x86

    3e01e5e72f4a727eb05e25847cae4d97


    Headers

    Imports

    Exports

    Sections

  • Assist/$R0
    .dll regsvr32 windows:4 windows x86 arch:x86

    e9559ac95b98ff4786d6b8f305be59c0


    Headers

    Imports

    Exports

    Sections

  • $TEMP/DUDU_HH.exe
    .exe windows:4 windows x86 arch:x86

    86057e03f22e7f492f3fdd45c4a17706


    Headers

    Imports

    Sections

  • SendLink.exe
    .exe windows:4 windows x86 arch:x86

    6af06596619b89a4d66b28eed2995c84


    Headers

    Imports

    Sections

  • SendLink.url
  • SendLog.html
    .html
  • SlideShow.html
    .html .js polyglot
  • Support.url
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    1bed3305885b0ca596d9cbba22baf78a


    Headers

    Imports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    8fc31e88f4e2f35a7d6873d897a2680d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • ˵.txt
  • ˵.txt
  • .txt