General

  • Target

    fd94dc766ac286b9168a9645002d99ae_JaffaCakes118

  • Size

    4.8MB

  • MD5

    fd94dc766ac286b9168a9645002d99ae

  • SHA1

    d72e737b05b6a7761ecbcf3a5fedf28c7710cffe

  • SHA256

    adb84405f7e56a8de5f16dc08bb1161e914e5fa12ba5ceb1c3ecfc219826a2a7

  • SHA512

    6f4462000f62b6f531644a9756fd642c2f4cfed41ef47326c837377a199a01884f5b7be391dd08d14d593b6ddbddb9cd48b2acb60b4bccc6147ae0d30eb9c28e

  • SSDEEP

    98304:u95UTSywitDG4XcMBOdAo/Wd/sMnrtNmUFuHQcu7gwlZ3Z:u95Uyi1GcRBOyoCscrOguwcutlZ3Z

Score
3/10

Signatures

  • Unsigned PE 49 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • fd94dc766ac286b9168a9645002d99ae_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0



  • $PLUGINSDIR/AccessControl.dll
    .dll windows:4 windows x86 arch:x86

    ed83f419402bc3b83a08e3aaf8b5b5b7



  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012



  • $PLUGINSDIR/Splash.dll
    .dll windows:4 windows x86 arch:x86

    dfca8f6698c93c9475bec373d99a1efd



  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    afa8e526425f3585465337467d0b5909



  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/splash.bmp
  • AUTOEXEC.BAT
  • BugFix.txt
  • CERTLIST.PEM
  • CFGMGR.EXE
    .exe windows:4 windows x86 arch:x86

    fb8db43021bcb4e1a39ae6d6c2246f52



  • CHARSET.BIN
  • CHSCfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • CHSTermCfg.xml
  • CHTCfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • CHTTermCfg.xml
  • CREATEKB.CHM
    .chm
  • CREATEKB.EXE
    .exe windows:4 windows x86 arch:x86

    1ddf83ca749f9b860666b697bd123cf6



  • CUSTOM.KMT
  • CUSTOM.TXT
  • CfgMgr.ini
  • DEUCfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • DEUTermCfg.xml
  • EBCDIC.BIN
  • EM3270.KB
  • EM3270.KBB
  • EM5250.KB
  • EM5250.KBB
  • EMHP.KB
  • EMHP.KBB
  • EMNONE.KB
  • EMNONE.KBB
  • EMNUM.KB
  • EMNUM.KBB
  • EMULATE.MSG
  • EMVT.KB
  • EMVT.KBB
  • EMWEB.KB
  • EMWEB.KBB
  • ENUCfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • ENUTermCfg.xml
  • ESPCfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • ESPTermCfg.xml
  • EULA.rtf
    .rtf
  • FRACfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • FRATermCfg.xml
  • HOSTCFGS.BIN
  • HOSTEDIT.EXE
    .exe windows:4 windows x86 arch:x86

    520428ef3d01cbf9e280dcb18de2aa54



  • IBMUNI.ASC
  • ICU_License.html
    .html
  • ITACfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • ITATermCfg.xml
  • JPNCfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • JPNTermCfg.xml
  • KORCfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • KORTermCfg.xml
  • Keymap.asc
  • LOCAL.TXT
  • Microsoft.VC80.CRT.manifest
  • Microsoft.VC80.MFC.manifest
  • PTBCfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • PTBTermCfg.xml
  • REFORMAT.BIN
  • RESOURCE.BIN
  • RUSCfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • RUSTermCfg.xml
  • ResourceCHS_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceCHS_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceCHT_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceCHT_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceDEU_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceDEU_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceENU_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceENU_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceESP_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceESP_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceEditor.exe
    .exe windows:4 windows x86 arch:x86

    e1646f73997d4bd04eeea61aea7b5f16



  • ResourceFRA_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceFRA_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceITA_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceITA_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceJPN_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceJPN_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceKOR_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceKOR_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourcePTB_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourcePTB_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceRUS_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceRUS_TE.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceTHA_7_3.dll
    .dll windows:4 windows x86 arch:x86



  • ResourceTHA_TE.dll
    .dll windows:4 windows x86 arch:x86



  • S24CFG.DAT
  • SCRIPTS.BIN
  • SCRPTEDT.EXE
    .exe windows:4 windows x86 arch:x86

    0a68cdc1a3f68a2c50971ffa9fa09a50



  • SSHAUTH.DAT
  • ScreenReformatter.chm
    .chm
  • ScreenReformatter.exe
    .exe windows:4 windows x86 arch:x86

    17943f227e117b7c0ce2ced44a121c59



  • Support.tce
  • SymDev.dll
  • SymNet.dll
  • SymRFID.dll
  • SymScan.dll
  • TERMCFG.BIN
  • TERMCFG.INF
  • TERMTYPE.DAT
  • THACfgMgr.dll
    .dll windows:4 windows x86 arch:x86



  • THATermCfg.xml
  • TelnetCE.cpy
  • TelnetCE.exe
  • TelnetCE.reg
  • TelnetCEMC3100WM6.apr
  • TelnetConfig.cfg
  • TelnetConfig.exe
    .exe windows:4 windows x86 arch:x86

    68b7bab7fbf14296371b73bf3de5019e



  • VTUNI.ASC
  • WEBDATA.BIN
  • WLB.tce
  • WLTNRst.run
  • WlInstall.exe
  • WlPrdRst.dat
    .ps1
  • ce-release.txt
  • icudt30.dll
  • local/DENMARK/CHARSET.ASC
  • local/DENMARK/CHARSET.BIN
  • local/DENMARK/EBCDIC.BIN
  • local/DENMARK/EBCDIC.TXT
  • local/DENMARK/EMULATE.ASC
  • local/DENMARK/EMULATE.MSG
  • local/DENMARK/IBMUNI.ASC
  • local/DENMARK/LOCAL.BAT
  • local/DENMARK/LOCAL.TXT
  • local/DENMARK/LOCAL4.BAT
  • local/DENMARK/MSG.H
  • local/DENMARK/VTHP.ASC
  • local/DENMARK/VTUNI.ASC
  • local/FINLAND/CHARSET.ASC
  • local/FINLAND/CHARSET.BIN
  • local/FINLAND/EBCDIC.BIN
  • local/FINLAND/EBCDIC.TXT
  • local/FINLAND/EMULATE.ASC
  • local/FINLAND/EMULATE.MSG
  • local/FINLAND/IBMUNI.ASC
  • local/FINLAND/LOCAL.BAT
  • local/FINLAND/LOCAL.TXT
  • local/FINLAND/LOCAL4.BAT
  • local/FINLAND/MSG.H
  • local/FINLAND/VTHP.ASC
  • local/FINLAND/VTUNI.ASC
  • local/FRANCE/CHARSET.ASC
  • local/FRANCE/CHARSET.BIN
  • local/FRANCE/EBCDIC.BIN
  • local/FRANCE/EBCDIC.TXT
  • local/FRANCE/EMULATE.ASC
  • local/FRANCE/EMULATE.MSG
  • local/FRANCE/IBMUNI.ASC
  • local/FRANCE/LOCAL.BAT
  • local/FRANCE/LOCAL.TXT
  • local/FRANCE/LOCAL4.BAT
  • local/FRANCE/MSG.H
  • local/FRANCE/VTHP.ASC
  • local/FRANCE/VTUNI.ASC
  • local/FREN-CAN/CHARSET.ASC
  • local/FREN-CAN/CHARSET.BIN
  • local/FREN-CAN/EBCDIC.BIN
  • local/FREN-CAN/EBCDIC.TXT
  • local/FREN-CAN/EMULATE.ASC
  • local/FREN-CAN/EMULATE.MSG
  • local/FREN-CAN/IBMUNI.ASC
  • local/FREN-CAN/LOCAL.BAT
  • local/FREN-CAN/LOCAL.TXT
  • local/FREN-CAN/LOCAL4.BAT
  • local/FREN-CAN/MSG.H
  • local/FREN-CAN/VTHP.ASC
  • local/FREN-CAN/VTUNI.ASC
  • local/GERMANY/CHARSET.ASC
  • local/GERMANY/CHARSET.BIN
  • local/GERMANY/EBCDIC.BIN
  • local/GERMANY/EBCDIC.TXT
  • local/GERMANY/EMULATE.ASC
  • local/GERMANY/EMULATE.MSG
  • local/GERMANY/IBMUNI.ASC
  • local/GERMANY/LOCAL.BAT
  • local/GERMANY/LOCAL.TXT
  • local/GERMANY/LOCAL4.BAT
  • local/GERMANY/MSG.H
  • local/GERMANY/VTHP.ASC
  • local/GERMANY/VTUNI.ASC
  • local/HOLLAND/CHARSET.ASC
  • local/HOLLAND/CHARSET.BIN
  • local/HOLLAND/EBCDIC.BIN
  • local/HOLLAND/EBCDIC.TXT
  • local/HOLLAND/EMULATE.ASC
  • local/HOLLAND/EMULATE.MSG
  • local/HOLLAND/IBMUNI.ASC
  • local/HOLLAND/LOCAL.BAT
  • local/HOLLAND/LOCAL.TXT
  • local/HOLLAND/LOCAL4.BAT
  • local/HOLLAND/MSG.H
  • local/HOLLAND/VTHP.ASC
  • local/HOLLAND/VTUNI.ASC
  • local/ITALY/CHARSET.ASC
  • local/ITALY/CHARSET.BIN
  • local/ITALY/EBCDIC.BIN
  • local/ITALY/EBCDIC.TXT
  • local/ITALY/EMULATE.ASC
  • local/ITALY/EMULATE.MSG
  • local/ITALY/IBMUNI.ASC
  • local/ITALY/LOCAL.BAT
  • local/ITALY/LOCAL.TXT
  • local/ITALY/LOCAL4.BAT
  • local/ITALY/MSG.H
  • local/ITALY/VTHP.ASC
  • local/ITALY/VTUNI.ASC
  • local/MSGCOMP.EXE
  • local/NORWAY/CHARSET.ASC
  • local/NORWAY/CHARSET.BIN
  • local/NORWAY/EBCDIC.BIN
  • local/NORWAY/EBCDIC.TXT
  • local/NORWAY/EMULATE.ASC
  • local/NORWAY/EMULATE.MSG
  • local/NORWAY/IBMUNI.ASC
  • local/NORWAY/LOCAL.BAT
  • local/NORWAY/LOCAL.TXT
  • local/NORWAY/LOCAL4.BAT
  • local/NORWAY/MSG.H
  • local/NORWAY/VTHP.ASC
  • local/NORWAY/VTUNI.ASC
  • local/READ.ME
  • local/SPAIN/CHARSET.ASC
  • local/SPAIN/CHARSET.BIN
  • local/SPAIN/EBCDIC.BIN
  • local/SPAIN/EBCDIC.TXT
  • local/SPAIN/EMULATE.ASC
  • local/SPAIN/EMULATE.MSG
  • local/SPAIN/IBMUNI.ASC
  • local/SPAIN/LOCAL.BAT
  • local/SPAIN/LOCAL.TXT
  • local/SPAIN/LOCAL4.BAT
  • local/SPAIN/MSG.H
  • local/SPAIN/VTHP.ASC
  • local/SPAIN/VTUNI.ASC
  • local/SWEDEN/CHARSET.ASC
  • local/SWEDEN/CHARSET.BIN
  • local/SWEDEN/EBCDIC.BIN
  • local/SWEDEN/EBCDIC.TXT
  • local/SWEDEN/EMULATE.ASC
  • local/SWEDEN/EMULATE.MSG
  • local/SWEDEN/IBMUNI.ASC
  • local/SWEDEN/LOCAL.BAT
  • local/SWEDEN/LOCAL.TXT
  • local/SWEDEN/LOCAL4.BAT
  • local/SWEDEN/MSG.H
  • local/SWEDEN/VTHP.ASC
  • local/SWEDEN/VTUNI.ASC
  • local/SWTZRLND/CHARSET.ASC
  • local/SWTZRLND/CHARSET.BIN
  • local/SWTZRLND/EBCDIC.BIN
  • local/SWTZRLND/EBCDIC.TXT
  • local/SWTZRLND/EMULATE.ASC
  • local/SWTZRLND/EMULATE.MSG
  • local/SWTZRLND/IBMUNI.ASC
  • local/SWTZRLND/LOCAL.BAT
  • local/SWTZRLND/LOCAL.TXT
  • local/SWTZRLND/LOCAL4.BAT
  • local/SWTZRLND/MSG.H
  • local/SWTZRLND/VTHP.ASC
  • local/SWTZRLND/VTUNI.ASC
  • local/UK/CHARSET.ASC
  • local/UK/CHARSET.BIN
  • local/UK/EBCDIC.BIN
  • local/UK/EBCDIC.TXT
  • local/UK/EMULATE.ASC
  • local/UK/EMULATE.MSG
  • local/UK/IBMUNI.ASC
  • local/UK/LOCAL.BAT
  • local/UK/LOCAL.TXT
  • local/UK/LOCAL4.BAT
  • local/UK/MSG.H
  • local/UK/VTHP.ASC
  • local/UK/VTUNI.ASC
  • local/US/CHARSET.ASC
  • local/US/CHARSET.BIN
  • local/US/EBCDIC.BIN
  • local/US/EBCDIC.TXT
  • local/US/EMULATE.ASC
  • local/US/EMULATE.MSG
  • local/US/IBMUNI.ASC
  • local/US/LOCAL.BAT
  • local/US/LOCAL.TXT
  • local/US/LOCAL4.BAT
  • local/US/MSG.H
  • local/US/VTHP.ASC
  • local/US/VTUNI.ASC
  • local/WLOCAL.CHM
    .chm
  • local/WLOCAL.EXE
    .exe windows:4 windows x86 arch:x86

    070702482ebee8e0ff426c3f664724ed



  • mfc80u.dll
    .dll windows:4 windows x86 arch:x86

    78059ed8bcf523c9044bc07031b99fae



  • msvcp80.dll
    .dll windows:4 windows x86 arch:x86

    6488997e312be12f8300ea7b1c34d497



  • msvcr80.dll
    .dll windows:4 windows x86 arch:x86

    7fecbc4a16a5dc85a5394a1df6217680



  • profiles.dat
  • sy30g028.kmp
  • sy30g038.kmp
  • sy30g048.kmp
  • uninst.exe.nsis
  • wltnoid.dll
  • wltnoidc.dll