General

  • Target

    ef8df9070d1157464797ad9c54520696_JaffaCakes118

  • Size

    1.9MB

  • MD5

    ef8df9070d1157464797ad9c54520696

  • SHA1

    cacf75ac8bf78a7c22dfd3c7ec8a8a85a365aeb8

  • SHA256

    41e69f62f69b09bfd8fd95e1abdb256199f7d5192ba0ea897d7aa0e3f931f209

  • SHA512

    d443469fc84c58070c8356793bf8588df08e56ce6e24de819d2fc89a3a9af75989ca41934c2ef4794a43dae32673808f2e12ee14364a5ff487751f23a7cb79e7

  • SSDEEP

    49152:AFT8Yw58W8PEO9h9pbI9sSqz4mv1SZ1gwIbC3aY9mOv4:AFWeph/cssqk3X4

Score
9/10
upx

Malware Config

Signatures

  • Detected Nirsoft tools 5 IoCs

    Free utilities often used by attackers which can steal passwords, product keys, etc.
    The NirSoft files in this package are NirCmd (NirCmd.cfxxe, NirCmdC.cfxxe and its help file NirCmd.chm), a command-line automation utility rather than a credential-recovery tool. The signature keys on the vendor, not on the specific capability, so by itself it is context, not evidence of credential theft.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 15 IoCs

    Checks for missing Authenticode signature.
    This records only whether a signature blob is attached (an empty security data directory). A file that has one still needs its certificate chain validated, and small open-source helper tools are routinely unsigned, so the count on its own is a weak indicator.

  • NSIS installer 1 IoCs
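
As an added example (not part of this sandbox report, and not the sandbox's own rule logic), the script below implements the structural checks behind the "UPX packed file" and "Unsigned PE" signatures above and the string markers a rule for "NSIS installer" and "NirSoft tools" would typically look for, using only the Python standard library. It parses the DOS header, PE signature, COFF header, optional header (data directory 4 is the Authenticode security directory) and section table. The image it analyses is constructed in memory by `build_minimal_pe`, a hypothetical helper that emits a headers-only PE32, not a real binary; the marker strings are assumptions about what such rules key on, since the report does not publish its rules.

```python
"""Structural checks behind the sandbox signatures: UPX section names, Authenticode
presence, and the NSIS / NirSoft string markers. Standard library only."""
import hashlib
import struct

# Offsets and flags from the PE/COFF specification.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data directory slot that points at the WIN_CERTIFICATE blob
IMAGE_FILE_DLL = 0x2000
# String markers (assumption: what a rule would key on; the report's own rules are not shown).
NSIS_MARKER = b"NullsoftInst"           # part of the NSIS "firstheader" that precedes the compressed payload
NIRSOFT_MARKER = b"NirSoft"


def digests(data: bytes) -> dict:
    """The fixed-hash fields listed under General (ssdeep needs a third-party library and is omitted)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32: data directories start at +96
        arch, dirs = "x86", opt + 96
    elif magic == 0x20B:        # PE32+: data directories start at +112
        arch, dirs = "x64", opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)   # Major/MinorOperatingSystemVersion
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]             # NumberOfRvaAndSizes
    sec_off, sec_size = (0, 0)
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories this entry holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    names = []
    table = opt + opt_size
    for i in range(nsections):
        raw = struct.unpack_from("<8s", data, table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "arch": arch,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "os_version": (os_major, os_minor),
        "sections": names,
        "security_dir": (sec_off, sec_size),
    }


def upx_packed(info: dict) -> bool:
    """Stock UPX names its sections UPX0/UPX1/UPX2; a modified UPX that renames them slips past this."""
    return any(n.upper().startswith("UPX") for n in info["sections"])


def unsigned_pe(info: dict) -> bool:
    """Empty security directory = no Authenticode blob attached. A non-empty one only means a blob
    is present; validity still has to be checked with signtool or Get-AuthenticodeSignature."""
    return info["security_dir"][1] == 0


def string_markers(data: bytes) -> dict:
    """Cheap marker scan over the whole file, overlay included (NSIS keeps its payload in the overlay)."""
    return {"nsis": NSIS_MARKER in data, "nirsoft": NIRSOFT_MARKER in data}


def build_minimal_pe(section_names, signed=False, is_dll=False, overlay=b"") -> bytes:
    """Hypothetical helper: a headers-only PE32 image used as constructed test input."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0
    characteristics = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)   # EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<HH", opt, 40, 4, 0)                 # MajorOperatingSystemVersion 4.0
    struct.pack_into("<H", opt, 68, 2)                     # Subsystem: WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x200)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii").ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names))
    return dos + b"PE\0\0" + coff + bytes(opt) + table + overlay


def triage(data: bytes) -> dict:
    """Run every check over one image and return the findings the report-style signatures summarise."""
    info = parse_pe(data)
    return {**info, **digests(data), **string_markers(data),
            "upx_packed": upx_packed(info), "unsigned": unsigned_pe(info)}


if __name__ == "__main__":
    # Constructed sample: UPX-style section names, no signature, NSIS marker in the overlay.
    sample = build_minimal_pe(["UPX0", "UPX1", ".rsrc"], overlay=b"\xef\xbe\xad\xde" + NSIS_MARKER)
    for key, value in triage(sample).items():
        print(f"{key:14} {value}")
```

Run it against a real file with `triage(open(path, "rb").read())`. The section-name test is deliberately the same weak heuristic the signature text admits to ("UPX/modified UPX"): a repacked UPX that renames UPX0/UPX1 needs entropy or entry-point analysis instead, and a non-empty security directory must be followed by actual chain validation before "signed" means anything.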

Files

  Paths below are as recorded by the NSIS extractor: $PLUGINSDIR is the installer's temporary plugin directory, and $0 is an NSIS register variable that this installer's script uses as its output directory.

  • ef8df9070d1157464797ad9c54520696_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
  • $0/023.dat
  • $0/023v.dat
  • $0/023w7.dat
  • $0/AWF.cmd
  • $0/AppDataFile.cfx
    .vbs
  • $0/AppDataFolder.cfx
  • $0/Assoc.cmd
  • $0/Auto-RC.cmd
  • $0/Boot-Rk.cmd
  • $0/Boot.bat
  • $0/BootDrv.vbs
    .vbs
  • $0/CF-Script.cmd
    .cmd .ps1
  • $0/CSet.cmd
  • $0/Catch-sub.cmd
  • $0/Combo-Fix.sys
    .sys windows:5 windows x86 arch:x86

  • $0/ComboFix-Download.cfxxe
    .exe windows:4 windows x86 arch:x86

  • $0/Combobatch.bat
  • $0/Create.cmd
  • $0/Creg.dat
  • $0/CregC.cmd
  • $0/CregC.dat
  • $0/DPF.str
  • $0/DelClsid.bat
  • $0/DelClsid64.bat
  • $0/DesktopFile.cfx
  • $0/Dnl.dat
  • $0/DrvRun.vbs
    .vbs
  • $0/ERDNT.e_e
    .exe windows:1 windows x86 arch:x86

  • $0/ERDNTDOS.LOC
  • $0/ERDNTWIN.LOC
  • $0/ERUNT.LOC
  • $0/ERUNT.cfxxe
    .exe windows:1 windows x86 arch:x86

  • $0/Exe.reg
  • $0/FD-SV.cmd
  • $0/FIND3M.bat
  • $0/FIXLSP.bat
  • $0/FKMGen.cmd
  • $0/FavoriteFolder.cfx
  • $0/FavoritesFile.cfx
  • $0/FileKill.cfxxe
    .exe windows:4 windows x86 arch:x86

  • $0/Fin.dat
  • $0/GetHive.cmd
  • $0/HDPEInfo.cfxxe
    .exe windows:4 windows x86 arch:x86

    1497f1c937d7f1a5eceac482c2801f5a

  • $0/Imefile.dat
  • $0/Install-RC.cmd
  • $0/Kill-All.cmd
  • $0/Ksvchost.vbs
    .vbs
  • $0/Lang.bat
  • $0/List-B.bat
  • $0/List-C.bat
  • $0/List-D.bat
  • $0/List.bat
  • $0/LocalAppDataFile.cfx
  • $0/LocalAppDataFolder.cfx
  • $0/LocalService.dat
  • $0/LocalServiceNetworkRestricted.dat
  • $0/LocalSettingsFile.cfx
  • $0/LocalSystemNetworkRestricted.dat
  • $0/MoveIt.bat
  • $0/ND_.bat
  • $0/ND_64.bat
  • $0/NT-OS.cmd
    .cmd .ps1
  • $0/NetworkService.dat
  • $0/NirCmd.cfxxe
    .exe windows:4 windows x86 arch:x86

  • $0/NirCmd.chm
    .chm
  • $0/NirCmdC.cfxxe
    .exe windows:4 windows x86 arch:x86

  • $0/OSid.vbs
    .vbs
  • $0/P.cmd
  • $0/PersonalFile.cfx
  • $0/PersonalFolder.cfx
  • $0/Policies.dat
  • $0/Prep.inf
  • $0/ProfilesFile.cfx
    .vbs
  • $0/ProfilesFolder.cfx
  • $0/ProgramsFile.cfx
  • $0/ProgramsFolder.cfx
  • $0/Purity.dat
  • $0/RCLink.dat
  • $0/REGDACL.sed
  • $0/RegDo.sed
  • $0/RegScan.cmd
  • $0/RegScan64.cmd
  • $0/Rkey.cmd
  • $0/Rust.str
  • $0/SRestore.cmd
  • $0/Safeboot.def.w7.dat
  • $0/SetEnvmt.bat
  • $0/SnapShot.cmd
  • $0/StartMenuFile.cfx
  • $0/StartMenuFolder.cfx
  • $0/StartUpFile.cfx
  • $0/SuppScan.cmd
  • $0/SvcDrv.vbs
    .vbs
  • $0/TemplatesFile.cfx
  • $0/TemplatesFolder.cfx
  • $0/Update-CF.cmd
  • $0/VInfo
  • $0/VInfo2
  • $0/Vipev.dat
  • $0/VwinTemp.dacl
  • $0/Wmi_rem.vbs
    .vbs
  • $0/XPSBoot.reg
  • $0/appinit.bad
  • $0/asp.str
  • $0/av.cmd
  • $0/av.vbs
    .vbs
  • $0/badclsid.c
  • $0/firefox.exe
    .exe windows:4 windows x86 arch:x86

  • $0/iexplore.exe
    .exe windows:4 windows x86 arch:x86

  • $0/n.pif
    .exe windows:4 windows x86 arch:x86

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    afa8e526425f3585465337467d0b5909

  • out.upx
    .exe windows:4 windows x86 arch:x86