f07dab07529dade0a7d26abd776f2d15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f07dab07529dade0a7d26abd776f2d15_JaffaCakes118
Size

13.9MB
MD5

f07dab07529dade0a7d26abd776f2d15
SHA1

abcfdc06b69051a3cc15ad8c70e4b033c36904c6
SHA256

8f303f4bbbd08051fb9a4411173b160e405485bc16d6cb0a15075db2dd566da9
SHA512

bbbd91f35be6bd074ef935c70b9f3dbc7a4ded62b75e59ebad352884808f270d40fc8350b271a4908f2b1134407226c02029b7d8d9da830dca7cf441039d429f
SSDEEP

393216:wtZMIsPVfwaqQl+MQk/K3xkIGtCi9hfLKvvEB4jEnds8:gRgjPpKGCeGvv3oG8

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/تكملة/gStartMultiInstant11.exe
unpack001/فرز/‫zaeemmm 2000/VoIPSDK.dll
unpack001/فرز/‫zaeemmm 2000/XDiller11.exe

Files

f07dab07529dade0a7d26abd776f2d15_JaffaCakes118
.rar
تكملة/Info/IPs.txt
تكملة/Info/Password.txt
تكملة/Info/Password_Split0.txt
تكملة/Info/Password_Split1.txt
تكملة/Info/Password_Split10.txt
تكملة/Info/Password_Split11.txt
تكملة/Info/Password_Split12.txt
تكملة/Info/Password_Split13.txt
تكملة/Info/Password_Split14.txt
تكملة/Info/Password_Split15.txt
تكملة/Info/Password_Split16.txt
تكملة/Info/Password_Split17.txt
تكملة/Info/Password_Split18.txt
تكملة/Info/Password_Split19.txt
تكملة/Info/Password_Split2.txt
تكملة/Info/Password_Split20.txt
تكملة/Info/Password_Split21.txt
تكملة/Info/Password_Split22.txt
تكملة/Info/Password_Split23.txt
تكملة/Info/Password_Split24.txt
تكملة/Info/Password_Split25.txt
تكملة/Info/Password_Split26.txt
تكملة/Info/Password_Split27.txt
تكملة/Info/Password_Split28.txt
تكملة/Info/Password_Split29.txt
تكملة/Info/Password_Split3.txt
تكملة/Info/Password_Split4.txt
تكملة/Info/Password_Split5.txt
تكملة/Info/Password_Split6.txt
تكملة/Info/Password_Split7.txt
تكملة/Info/Password_Split8.txt
تكملة/Info/Password_Split9.txt
تكملة/Info/Proxy.txt
تكملة/Info/UserName.txt
تكملة/Info/UserName_Split0.txt
تكملة/Info/UserName_Split1.txt
تكملة/Info/UserName_Split10.txt
تكملة/Info/UserName_Split11.txt
تكملة/Info/UserName_Split12.txt
تكملة/Info/UserName_Split13.txt
تكملة/Info/UserName_Split14.txt
تكملة/Info/UserName_Split15.txt
تكملة/Info/UserName_Split16.txt
تكملة/Info/UserName_Split17.txt
تكملة/Info/UserName_Split18.txt
تكملة/Info/UserName_Split19.txt
تكملة/Info/UserName_Split2.txt
تكملة/Info/UserName_Split20.txt
تكملة/Info/UserName_Split21.txt
تكملة/Info/UserName_Split22.txt
تكملة/Info/UserName_Split23.txt
تكملة/Info/UserName_Split24.txt
تكملة/Info/UserName_Split25.txt
تكملة/Info/UserName_Split26.txt
تكملة/Info/UserName_Split27.txt
تكملة/Info/UserName_Split28.txt
تكملة/Info/UserName_Split29.txt
تكملة/Info/UserName_Split3.txt
تكملة/Info/UserName_Split4.txt
تكملة/Info/UserName_Split5.txt
تكملة/Info/UserName_Split6.txt
تكملة/Info/UserName_Split7.txt
تكملة/Info/UserName_Split8.txt
تكملة/Info/UserName_Split9.txt
تكملة/Info/timeout.txt
تكملة/gStartMultiInstant11.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
فرز/‫zaeemmm 2000/AutoRun.txt
فرز/‫zaeemmm 2000/File.txt
فرز/‫zaeemmm 2000/Info/IPs.txt
فرز/‫zaeemmm 2000/Info/Password.txt
فرز/‫zaeemmm 2000/Info/Password_Split0.txt
فرز/‫zaeemmm 2000/Info/Proxy.txt
فرز/‫zaeemmm 2000/Info/UserName.txt
فرز/‫zaeemmm 2000/Info/UserName_Split0.txt
فرز/‫zaeemmm 2000/Info/timeout.txt
فرز/‫zaeemmm 2000/Ports.txt
فرز/‫zaeemmm 2000/Reports/.txt
فرز/‫zaeemmm 2000/Reports/Busy Here.txt
فرز/‫zaeemmm 2000/Reports/Forbidden (Bad auth).txt
فرز/‫zaeemmm 2000/Reports/Forbidden.txt
فرز/‫zaeemmm 2000/Reports/Max auth attempts reached.txt
فرز/‫zaeemmm 2000/Reports/Method Not Allowed.txt
فرز/‫zaeemmm 2000/Reports/Method Not Implemented.txt
فرز/‫zaeemmm 2000/Reports/Not Implemented.txt
فرز/‫zaeemmm 2000/Reports/Not found.txt
فرز/‫zaeemmm 2000/Reports/OK.txt
فرز/‫zaeemmm 2000/Reports/Service Unavailable.txt
فرز/‫zaeemmm 2000/Reports/Transaction timed out.txt
فرز/‫zaeemmm 2000/Reports/UA Not Found.txt
فرز/‫zaeemmm 2000/Reports/Unsupported Operation.txt
فرز/‫zaeemmm 2000/Reports/User not Found.txt
فرز/‫zaeemmm 2000/Settings.txt
فرز/‫zaeemmm 2000/VoIPSDK.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Jenkins\jobs\Ozeki VoIP SDK\workspace\VoIP\Products\VoIPSDK\OzVoIPSDK\Protection\.NET4\VoIPSDK.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 48.5MB - Virtual size: 48.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
فرز/‫zaeemmm 2000/XDiller11.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
فرز/‫zaeemmm 2000/password.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 48.5MB - Virtual size: 48.5MB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 38KB - Virtual size: 37KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 48.5MB - Virtual size: 48.5MB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B