General

  • Target

    027c564465f623ade809cc6a14fe852b_JaffaCakes118

  • Size

    395KB

  • MD5

    027c564465f623ade809cc6a14fe852b

  • SHA1

    45c9c9149a39a0a56340bf5249d7450218b39ae2

  • SHA256

    91818067ad31f07260a5d39b3f76f4387bf1ab2e74e2efc31af9e405fd56d684

  • SHA512

    8872bc7c7d4daa639c18a3cc670e8244b8c5c982c9646b2c732616956de5be0d3099cd5bf0c6714577206b8ec7e9d8c9cb7645a5507d6c91031c8d57c8ced6c9

  • SSDEEP

    6144:L/ru5zY98Hf11n4OzSWnX+ax/1ocDrqWbs0DoGLo4auc2DHm4mC1mKZ311An59p:m5QqrMCUspjoGs4auRC/UmKBu

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software (6 IoCs)

    Detects file using ACProtect software.

  • ASPack v2.12-2.42 (2 IoCs)

    Detects executables packed with ASPack v2.12-2.42.

  • UPX packed file (6 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (69 IoCs)

    Checks for missing Authenticode signature.

Files

  • 027c564465f623ade809cc6a14fe852b_JaffaCakes118
    .rar
  • ImpREC/Documentation/Loader.txt
  • ImpREC/Documentation/News.txt
  • ImpREC/Documentation/ReadMe.txt
  • ImpREC/Documentation/Tips.txt
  • ImpREC/History.txt
  • ImpREC/ImportREC.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • ImpREC/Plugin Source/ASProtect 1.2x/Delphi/aspr.dpr
  • ImpREC/Plugin Source/Morphine 3.3/morphine.Asm
  • ImpREC/Plugin Source/Morphine 3.3/morphine.Def
  • ImpREC/Plugin Source/Morphine 3.3/morphine.Inc
  • ImpREC/Plugin Source/Morphine 3.3/morphine.exp
  • ImpREC/Plugin Source/Morphine 3.3/morphine.lib
  • ImpREC/Plugin Source/Morphine 3.3/morphine.obj
  • ImpREC/Plugin Source/Morphine 3.3/morphine.rap
  • ImpREC/Plugin Source/PESpin 1.3.04/PESpinPlugin.cpp
  • ImpREC/Plugin Source/PESpin 1.3.04/PESpinPlugin.dsp
  • ImpREC/Plugin Source/PESpin 1.3.04/PESpinPlugin.dsw
  • ImpREC/Plugin Source/PESpin 1.3.04/PESpinPlugin.ncb
  • ImpREC/Plugin Source/PESpin 1.3.04/PESpinPlugin.opt
  • ImpREC/Plugin Source/PESpin 1.3.04/PESpinPlugin.plg
    .html
  • ImpREC/Plugin Source/PESpin 1.3.04/ReadMe.txt
  • ImpREC/Plugin Source/PESpin 1.3.04/StdAfx.cpp
  • ImpREC/Plugin Source/PESpin 1.3.04/StdAfx.h
  • ImpREC/Plugin Source/Perplex 1.01/Perplex101.Asm
  • ImpREC/Plugin Source/Perplex 1.01/Perplex101.Def
  • ImpREC/Plugin Source/Perplex 1.01/Perplex101.Inc
  • ImpREC/Plugin Source/Perplex 1.01/Perplex101.RES
  • ImpREC/Plugin Source/Perplex 1.01/Perplex101.exp
  • ImpREC/Plugin Source/Perplex 1.01/Perplex101.lib
  • ImpREC/Plugin Source/Perplex 1.01/Perplex101.obj
  • ImpREC/Plugin Source/Perplex 1.01/Perplex101.rap
  • ImpREC/Plugin Source/Perplex 1.01/Perplex101.rc
  • ImpREC/Plugin Source/Perplex 1.01/Res/Perplex101Ver.rc
  • ImpREC/Plugin Source/RLPack 0.7/RLP07.Asm
  • ImpREC/Plugin Source/RLPack 0.7/RLP07.Def
  • ImpREC/Plugin Source/RLPack 0.7/RLP07.Inc
  • ImpREC/Plugin Source/RLPack 0.7/RLP07.exp
  • ImpREC/Plugin Source/RLPack 0.7/RLP07.lib
  • ImpREC/Plugin Source/RLPack 0.7/RLP07.obj
  • ImpREC/Plugin Source/RLPack 0.7/RLP07.rap
  • ImpREC/Plugin Source/RLPack 0.7/RLP07.rc
  • ImpREC/Plugin Source/RLPack 0.7/Res/RLP07Ver.rc
  • ImpREC/Plugin Source/Yoda 1.02/Res/Yoda102Ver.rc
  • ImpREC/Plugin Source/Yoda 1.02/Yoda102.Asm
  • ImpREC/Plugin Source/Yoda 1.02/Yoda102.Def
  • ImpREC/Plugin Source/Yoda 1.02/Yoda102.Inc
  • ImpREC/Plugin Source/Yoda 1.02/Yoda102.RES
  • ImpREC/Plugin Source/Yoda 1.02/Yoda102.exp
  • ImpREC/Plugin Source/Yoda 1.02/Yoda102.lib
  • ImpREC/Plugin Source/Yoda 1.02/Yoda102.obj
  • ImpREC/Plugin Source/Yoda 1.02/Yoda102.rap
  • ImpREC/Plugin Source/Yoda 1.02/Yoda102.rc
  • ImpREC/Plugin Source/eXcalibur 1.x/Excalibur.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin Source/eXcalibur 1.x/src/BuildDLL.bat
  • ImpREC/Plugin Source/eXcalibur 1.x/src/EXC.asm
  • ImpREC/Plugin Source/eXcalibur 1.x/src/EXC.def
  • ImpREC/Plugin Source/eXcalibur 1.x/src/hde.inc
  • ImpREC/Plugin Source/eXcalibur 1.x/src/hde.lib
  • ImpREC/Plugin Source/tELock 0.92x/Delphi/tELock.dpr
  • ImpREC/Plugin Source/tELock 0.92x/Masm/BuildDLL.bat
  • ImpREC/Plugin Source/tELock 0.92x/Masm/tELock.asm
  • ImpREC/Plugin Source/tELock 0.92x/Masm/tELock.def
  • ImpREC/Plugin Source/tELock 0.92x/Tasm/BuildDLL.bat
  • ImpREC/Plugin Source/tELock 0.92x/Tasm/W32.inc
  • ImpREC/Plugin Source/tELock 0.92x/Tasm/tELock.asm
  • ImpREC/Plugin Source/tELock 0.92x/Tasm/tELock.def
  • ImpREC/Plugin Source/tELock 0.92x/VC++/tELock0.92x/tELock.cpp
  • ImpREC/Plugin Source/tELock 0.92x/VC++/tELock0.92x/tELock.dsp
  • ImpREC/Plugin Source/tELock 0.92x/VC++/tELock0.95/tELock.cpp
  • ImpREC/Plugin Source/tELock 0.92x/VC++/tELock0.95/tELock.dsp
  • ImpREC/Plugin/ACProtect #1.dll
    .dll windows:4 windows x86 arch:x86

    91acfd4d9cc0193ded35cc3309b3ca1d


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/ACProtect #2.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • ImpREC/Plugin/ACProtect #3.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/ASProtect 1.22.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • ImpREC/Plugin/ASProtect 1.23 rc4.dll
    .dll windows:4 windows x86 arch:x86

    ebb92269e89a198e944e60d92d2a80ef


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/ASProtect 1.2x Emul API #1.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • ImpREC/Plugin/ASProtect 1.2x Emul API #2.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • ImpREC/Plugin/ASProtect 1.2x.dll
    .dll windows:1 windows x86 arch:x86


    Headers

    Exports

    Sections

  • ImpREC/Plugin/ASProtect 1.3.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • ImpREC/Plugin/ASProtect 2.xx.dll
    .dll windows:1 windows x86 arch:x86


    Headers

    Exports

    Sections

  • ImpREC/Plugin/Alex Protector.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Armadillo 2.6.dll
    .dll windows:4 windows x86 arch:x86

    9a538a4399cb55455c877a4fb0f6c826


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/CoolCrypt.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Cryptocrack's PE Protector.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/EXEStealth275.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Excalibur.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/ExeCryptor.dll
    .dll windows:1 windows x86 arch:x86

    9b14c5d836eb56dca481789455ccbeb9


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Expressor 1.5.x.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/ExtOverlay.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • ImpREC/Plugin/GoatsPEMutilator16.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/HowTo.txt
  • ImpREC/Plugin/Krypton 0.4 - 0.5 #1.dll
    .dll windows:4 windows x86 arch:x86

    4028dc4f6cde20e7e8d8a970e30ed633


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Krypton 0.4 - 0.5 #2.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • ImpREC/Plugin/Krypton 0.5.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Morphine.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/NTKrnl Protector 0.1.x.dll
    .dll windows:1 windows x86 arch:x86

    aeb95de0faec0106bcfda91d767c404d


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Null.dll
    .dll windows:4 windows x86 arch:x86

    10fe5ea15f41d8494d21a2429664050f


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Obsidium #1.dll
    .dll windows:4 windows x86 arch:x86

    c8fd0c1db814ccb94e99d733a1bea809


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Obsidium #2.dll
    .dll windows:4 windows x86 arch:x86

    5469d2ad47486b6eb13f179cdd54b264


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Obsidium #3.dll
    .dll windows:4 windows x86 arch:x86

    c8fd0c1db814ccb94e99d733a1bea809


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Obsidium 1.3.dll
    .dll windows:4 windows x86 arch:x86

    31a4b80028473ea397a2e2662b5616f9


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Obsidium 1.3.dll.txt
  • ImpREC/Plugin/PE123.dll
    .dll windows:4 windows x86 arch:x86

    878ba4103ba98e71a5f4bafdc11e9c07


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/PECompact 2.7.x.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/PELock 1.06 (regged).dll
    .dll windows:4 windows x86 arch:x86

    fc95e6681a2e031290809f7efb23c9a3


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/PELock 1.06 (regged).dll.txt
  • ImpREC/Plugin/PELock 1.0x.dll
    .dll windows:4 windows x86 arch:x86

    5346429dbb4b5f79d1358365735b81f9


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/PESpin.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/PESpinPlugin.dll
    .dll windows:4 windows x86 arch:x86

    9d869ab59027cc9f4519e8ffda0294c3


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Perplex101.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Plugin.txt
  • ImpREC/Plugin/PrivateExeProtector 1.8.dll
    .dll windows:4 windows x86 arch:x86

    31a4b80028473ea397a2e2662b5616f9


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/PrivateExeProtector 1.8.txt
  • ImpREC/Plugin/Privilege.dll
    .dll windows:4 windows x86 arch:x86

    81dacd5d4ec8d3c7d2dc869c09cbaa27


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Protection Plus 4.x.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/RLPack 0.7.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/RLPack 0.7.x.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/RLPack 0.x.dll
    .dll windows:4 windows x86 arch:x86

    f607e05a098f803c623727829edea747


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/RLPack 1.16.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/RLPack 1.18.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/SDProtector 1.12.dll
    .dll windows:4 windows x86 arch:x86

    407bb2b400ae9b6cc86ad826adb3b48f


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/SVK Protector #1.dll
    .dll windows:4 windows x86 arch:x86

    1467011fd574881a37f97fc6726fb25e


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/SVK Protector #2.dll
    .dll windows:4 windows x86 arch:x86

    1467011fd574881a37f97fc6726fb25e


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/TPP.dll
    .dll windows:4 windows x86 arch:x86

    57ee4e7f35629a861ac9d4ad8491faf2


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/VisualProtect.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/Yoda Crypter 1.02.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/tELock 0.71.dll
    .dll windows:4 windows x86 arch:x86

    ff22697165d98bb65eb88dc24cc02224


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/tELock 0.92.dll
    .dll windows:4 windows x86 arch:x86

    4028dc4f6cde20e7e8d8a970e30ed633


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/tELock 0.98 #1.dll
    .dll windows:4 windows x86 arch:x86

    db2cd727172c410f50a73bd1cfbcdc03


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/tELock 0.98 #2.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • ImpREC/Plugin/tELock 0.98 #3.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • ImpREC/Plugin/tELock 0.98 #4.dll
    .dll windows:4 windows x86 arch:x86

    81dacd5d4ec8d3c7d2dc869c09cbaa27


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/tELock 0.98 #5.dll
    .dll windows:4 windows x86 arch:x86

    4028dc4f6cde20e7e8d8a970e30ed633


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/tELock 0.99.dll
    .dll windows:4 windows x86 arch:x86

    81dacd5d4ec8d3c7d2dc869c09cbaa27


    Headers

    Imports

    Exports

    Sections

  • ImpREC/Plugin/tELock 0.9x.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • ImpREC/psapi.dll
    .dll windows:6 windows x86 arch:x86

    1fc4445a4ba1269b298027e792fde1c6


    Headers

    Imports

    Exports

    Sections