General

  • Target

    efa80942b5e57a63ae74708268442e54_JaffaCakes118

  • Size

    1.1MB

  • MD5

    efa80942b5e57a63ae74708268442e54

  • SHA1

    ba567fa91a0baa2cbcff10e16ec502354c04a0a9

  • SHA256

    3042f118cb5ad7bf63e162a53ffa385c234c9cc2f3cb99573f24d03561aff566

  • SHA512

    2ce006bbd391847e3c7d912b8fd7ce00796db8b0184107cef9af91a01ece7e0f5d095f163094ce9779589059048a73ec37edebf40a1a259f01a7103343182402

  • SSDEEP

    24576:1nYGKvSA9xo0pmJdwAbjbk/GRAJ0bUiOgmLW2jZqQJIPJo:1ZKF9xo0YLwKvLRbUVgmy2L4Jo

Score
3/10

Malware Config

Signatures

  • Unsigned PE 9 IoCs

    Checks for missing Authenticode signature.

Files

  • efa80942b5e57a63ae74708268442e54_JaffaCakes118
    .rar
  • VX CHAOS FILE SERVER - Virii, Worms, Anti-Virus, Hacker Tools, Warez, Codes.url
  • VX CHAOS.nfo
  • VX CHAOS.txt
  • docs/cmds.txt
  • packers/ExeStealth.exe
    .exe windows:4 windows x86 arch:x86

    09d0478591d4f788cb3e5ea416c25237



  • English.lng
  • ExeS.dof
  • ExeS.dpr
  • ExeS.exe
    .exe windows:1 windows x86 arch:x86

    d31c3d3bdbc37da0c1d51b2dea6b6966



  • ExeS.res
  • German.lng
  • History.txt
  • License.txt
  • UPX/BUGS
  • UPX/COPYING
  • UPX/LICENSE
  • UPX/NEWS
  • UPX/README
  • UPX/THANKS
  • UPX/uninstall.exe
    .exe windows:4 windows x86 arch:x86

    09d0478591d4f788cb3e5ea416c25237



  • UPX/upx.doc
    .vbs
  • UPX/upx.exe
    .exe windows:4 windows x86 arch:x86

    09d0478591d4f788cb3e5ea416c25237



  • UPX/upx.html
    .html .vbs polyglot
  • Unit1.dfm
  • Unit1.pas
  • Unit2.dfm
  • Unit2.pas
  • morphine.dpr
    .js
  • morphine.exe
    .exe windows:4 windows x86 arch:x86

    09d0478591d4f788cb3e5ea416c25237



  • morphine.txt
  • winxp.RES
  • packers/Packman.exe
    .exe windows:4 windows x86 arch:x86

    eaf478c5ed68a66331acd2c65b312a62



  • packers/Scramble-Tool.exe
    .exe windows:4 windows x86 arch:x86



  • packers/wup.exe
    .exe windows:4 windows x86 arch:x86



  • packers/yP.exe
    .exe windows:4 windows x86 arch:x86



  • source/cfg/conf.h
  • source/cpp/advscan.cpp
  • source/cpp/aliaslog.cpp
  • source/cpp/autostart.cpp
  • source/cpp/avirus.cpp
  • source/cpp/bindshell.cpp
  • source/cpp/capture.cpp
  • source/cpp/cdkeys.cpp
  • source/cpp/clsass.cpp
  • source/cpp/crc32.cpp
  • source/cpp/crypt.cpp
  • source/cpp/dcass.cpp
  • source/cpp/dcc.cpp
  • source/cpp/dcom.cpp
  • source/cpp/ddos.cpp
  • source/cpp/download.cpp
  • source/cpp/driveinfo.cpp
  • source/cpp/ehandler.cpp
  • source/cpp/findfile.cpp
  • source/cpp/findpass.cpp
  • source/cpp/fphost.cpp
  • source/cpp/ftpd.cpp
  • source/cpp/httpd.cpp
  • source/cpp/icmpflood.cpp
  • source/cpp/ident.cpp
  • source/cpp/irc_send.cpp
  • source/cpp/keylogger.cpp
  • source/cpp/loaddlls.cpp
  • source/cpp/lsass.cpp
  • source/cpp/lsass1lsass.cpp
  • source/cpp/misc.cpp
    .vbs
  • source/cpp/mssql.cpp
  • source/cpp/mssqllsass.cpp
  • source/cpp/ndcass.cpp
  • source/cpp/net.cpp
  • source/cpp/netbios.cpp
  • source/cpp/netutils.cpp
  • source/cpp/peer2peer.cpp
  • source/cpp/pingudp.cpp
  • source/cpp/processes.cpp
  • source/cpp/psniff.cpp
  • source/cpp/random.cpp
  • source/cpp/realcast.cpp
  • source/cpp/redirect.cpp
  • source/cpp/remotecmd.cpp
  • source/cpp/rlogind.cpp
  • source/cpp/rndnick.cpp
  • source/cpp/scan.cpp
  • source/cpp/secure.cpp
  • source/cpp/session.cpp
  • source/cpp/shellcode.cpp
  • source/cpp/socks4.cpp
  • source/cpp/synflood.cpp
  • source/cpp/sysinfo.cpp
  • source/cpp/tcpflood.cpp
  • source/cpp/tcpflood2.cpp
  • source/cpp/tftpd.cpp
  • source/cpp/threads.cpp
  • source/cpp/visit.cpp
  • source/cpp/wildcard.cpp
  • source/cpp/wksmass.cpp
  • source/cpp/wkssvc.cpp
  • source/cpp/xerion.cpp
  • source/h/advscan.h
  • source/h/aliaslog.h
  • source/h/autostart.h
  • source/h/avirus.h
  • source/h/capture.h
  • source/h/cdkeys.h
  • source/h/clsass.h
  • source/h/crc32.h
  • source/h/crypt.h
  • source/h/dcass.h
  • source/h/dcc.h
  • source/h/dcom.h
  • source/h/ddos.h
  • source/h/defines.h
  • source/h/download.h
  • source/h/driveinfo.h
  • source/h/ehandler.h
  • source/h/externs.h
  • source/h/findfile.h
  • source/h/findpass.h
  • source/h/fphost.h
  • source/h/ftpd.h
  • source/h/ftppot.h
  • source/h/functions.h
  • source/h/globals.h
  • source/h/httpd.h
  • source/h/icmpflood.h
  • source/h/ident.h
  • source/h/includes.h
  • source/h/irc_send.h
  • source/h/keylogger.h
  • source/h/loaddlls.h
  • source/h/lsass.h
  • source/h/lsass1lsass.h
  • source/h/lsass2.h
  • source/h/misc.h
  • source/h/mssql.h
  • source/h/mssqllsass.h
  • source/h/ndcass.h
  • source/h/net.h
  • source/h/netbios.h
  • source/h/netutils.h
  • source/h/nicklist.h
  • source/h/passwd.h
  • source/h/peer2peer.h
  • source/h/pingudp.h
  • source/h/processes.h
  • source/h/psniff.h
  • source/h/random.h
  • source/h/realcast.h
  • source/h/redirect.h
  • source/h/remotecmd.h
  • source/h/rlogind.h
  • source/h/rndnick.h
  • source/h/scan.h
  • source/h/secure.h
  • source/h/session.h
  • source/h/shares.h
  • source/h/shellcode.h
  • source/h/socks4.h
  • source/h/synflood.h
  • source/h/sysinfo.h
  • source/h/tcpflood.h
  • source/h/tcpflood2.h
  • source/h/tcpip.h
  • source/h/tftpd.h
  • source/h/threads.h
  • source/h/visit.h
  • source/h/wildcard.h
  • source/h/wksmass.h
  • source/h/wkssvc.h
  • source/h/xerion.h
  • vxchaos or die.jpg
    .jpg
  • xerion.dsp
  • xerion.dsw