Overview

overview

7

Static

static

3

0789f1651c...18.exe

windows7-x64

7

0789f1651c...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...te.dll

windows7-x64

3

$PLUGINSDI...te.dll

windows10-2004-x64

3

$PLUGINSDIR/xml.dll

windows7-x64

3

$PLUGINSDIR/xml.dll

windows10-2004-x64

3

Tu.exe

windows7-x64

7

Tu.exe

windows10-2004-x64

7

TuAgent.exe

windows7-x64

7

TuAgent.exe

windows10-2004-x64

7

TuRes.dll

windows7-x64

3

TuRes.dll

windows10-2004-x64

3

TuStarter.exe

windows7-x64

1

TuStarter.exe

windows10-2004-x64

1

Tu_en.chm

windows7-x64

1

Tu_en.chm

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    0789f1651c758afc9412e9fe51a8a411_JaffaCakes118

  • Size

    5.2MB

  • MD5

    0789f1651c758afc9412e9fe51a8a411

  • SHA1

    faf00950db06e3af3280cb0a230efcad97e3b17d

  • SHA256

    6d12f8f39e636ff807fe48f4aafe6f036715cb3744aef9cbf042bb29c4097ab9

  • SHA512

    7bd2867b248e374df949bbf35323aeb04c9512570e9c171c3a99fbbf0f986489c9a81bda1a10acaafbf41e110ed28f6b02b157432d53944bf7ee576bd71a1e1d

  • SSDEEP

    98304:BqKtLONTjq33kbz3Q8g0eiJtbG1vKSUy+zeCtBrzW75s4E+xebtswhaPjzhp4z:E2wqnOz3heiHb4vMryopXhaPZw

Score
3/10

Malware Config

Signatures

  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • 0789f1651c758afc9412e9fe51a8a411_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $APPDATA/Martau/Total Uninstall 5/Program Options.dat
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/blowfish.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/locate.dll
    .dll windows:4 windows x86 arch:x86

    7f8181c74f882a780c7cd485241e8b51


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/xml.dll
    .dll windows:4 windows x86 arch:x86

    b5ed5b3a951d4443ce56e5453702d536


    Headers

    Imports

    Exports

    Sections

  • Translations/English.lng
  • Translations/Russian.lng
  • Translations/Ukrainian.lng
  • Tu.exe
    .exe windows:4 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b


    Code Sign

    Headers

    Imports

    Sections

  • TuAgent.exe
    .exe windows:4 windows x86 arch:x86

    acf11b4e62944b81038fa07547c2f33b


    Code Sign

    Headers

    Imports

    Sections

  • TuRes.dll
    .dll windows:4 windows x86 arch:x86

    6760a0ff6425a5b23bc76f162583bd01


    Code Sign

    Headers

    Imports

    Sections

  • TuStarter.exe
    .exe windows:4 windows x64 arch:x64

    1c54f6c1c2943628db8625767c75b2b2


    Code Sign

    Headers

    Imports

    Sections

  • Tu_en.chm
    .chm
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/modern-header.bmp