Overview

overview

8

Static

static

7

faf7783507...18.exe

windows7-x64

7

faf7783507...18.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

5

$PLUGINSDI...ol.dll

windows10-2004-x64

5

$PLUGINSDI...lp.dll

windows7-x64

3

$PLUGINSDI...lp.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

FeiSuExtern.dll

windows7-x64

5

FeiSuExtern.dll

windows10-2004-x64

5

FeiSuExtern64.dll

windows7-x64

5

FeiSuExtern64.dll

windows10-2004-x64

5

FeiSuMiniNews.exe

windows7-x64

3

FeiSuMiniNews.exe

windows10-2004-x64

3

FeiSuMiniTray.exe

windows7-x64

3

FeiSuMiniTray.exe

windows10-2004-x64

3

FeiSuPDF.exe

windows7-x64

3

FeiSuPDF.exe

windows10-2004-x64

5

FeiSuPd.dll

windows7-x64

8

FeiSuPd.dll

windows10-2004-x64

8

FeiSuService.exe

windows7-x64

3

FeiSuService.exe

windows10-2004-x64

3

FeiSuUpdate.exe

windows7-x64

3

FeiSuUpdate.exe

windows10-2004-x64

3

PdfFilter.dll

windows7-x64

5

PdfFilter.dll

windows10-2004-x64

5

PdfPreview.dll

windows7-x64

5

PdfPreview.dll

windows10-2004-x64

5

Uninst.exe

windows7-x64

4

Uninst.exe

windows10-2004-x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    faf77835071ab6253515f21c95cf61a4_JaffaCakes118

  • Size

    4.5MB

  • MD5

    faf77835071ab6253515f21c95cf61a4

  • SHA1

    db5e20d607de32811e2831215c7caa54eeaed05e

  • SHA256

    df4aab91aefc47d2422dc700ada8ebea52b20cf12391a7f774bea7632996a897

  • SHA512

    f4b8fec55199200870c312ac36eaef96c4d7c82768ad53c567947092a53e08d508e90588867fef564681fed491fac5056d3012abef8442903665a1c134f167d3

  • SSDEEP

    98304:3KnmowGNAlVnmEzwDo9egCkcLnqOKfFjmsA8ahfIUrDUmNaHZbYxeSBqGZBwGtqo:3YmoLN6VcDJkon8fFSn7rhzx5BqsW1Bi

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • faf77835071ab6253515f21c95cf61a4_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    57e98d9a5a72c8d7ad8fb7a6a58b3daf


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/AccessControl.dll
    .dll windows:5 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/InstHlp.dll
    .dll windows:5 windows x86 arch:x86

    c8d28c8ec3ed633365eedf3ec168225b


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    8c8a576201f68de1a3f26fc723b9f30f


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    46f8b6973f33717335c0f6d8087de67b


    Headers

    Imports

    Exports

    Sections

  • FeiSuExtern.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    62bfdfb6fa063a691f72bd14eded0a0a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FeiSuExtern64.dll
    .dll regsvr32 windows:5 windows x64 arch:x64

    d51e5632888861ab9381c5c16ba45ea4


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FeiSuMiniNews.exe
    .exe windows:5 windows x86 arch:x86

    571f1de0523a5772020eb4fc8c876d83


    Code Sign

    Headers

    Imports

    Sections

  • FeiSuMiniTray.exe
    .exe windows:5 windows x86 arch:x86

    571f1de0523a5772020eb4fc8c876d83


    Code Sign

    Headers

    Imports

    Sections

  • FeiSuPDF.exe
    .exe windows:5 windows x86 arch:x86

    8341b356bf1aaccc23ef5503cb70ed52


    Code Sign

    Headers

    Imports

    Sections

  • FeiSuPd.dll
    .dll windows:5 windows x86 arch:x86

    527729849d7d1d2eda7dd87d1f697c41


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FeiSuService.exe
    .exe windows:5 windows x86 arch:x86

    ad6a192de257a89adba0a618514ab86b


    Code Sign

    Headers

    Imports

    Sections

  • FeiSuUpdate.exe
    .exe windows:5 windows x86 arch:x86

    d9b2786a91efc840fa3cf436c11a7493


    Code Sign

    Headers

    Imports

    Sections

  • PdfFilter.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    b9e781773fde70bc2db0ce9b14bb3973


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • PdfPreview.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    7c1e85e30c884b04685c09b3d5ff158d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Uninst.exe
    .exe windows:4 windows x86 arch:x86

    57e98d9a5a72c8d7ad8fb7a6a58b3daf


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/AccessControl.dll
    .dll windows:5 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/InstHlp.dll
    .dll windows:5 windows x86 arch:x86

    c8d28c8ec3ed633365eedf3ec168225b


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    8c8a576201f68de1a3f26fc723b9f30f


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    46f8b6973f33717335c0f6d8087de67b


    Headers

    Imports

    Exports

    Sections

  • libmupdf.dll
    .dll windows:5 windows x86 arch:x86

    424e0c264149843d2422fce29f4c37f7


    Code Sign

    Headers

    Imports

    Exports

    Sections