General

  • Target: 06dfdbac6e968528899fd66c4a13ba65_JaffaCakes118
  • Size: 1.1MB
  • MD5: 06dfdbac6e968528899fd66c4a13ba65
  • SHA1: 68f87fc5e58d2cfe1c75b9fe42354389473b7912
  • SHA256: a4985c3ed38fbde6db4e8707e6b176f8e1c1c7598a3ba213561e6cd8521b0001
  • SHA512: 429fbf5b8c50e00a19d076ec1a49f4ca827ec7fa7e3b4ef07432ee20e6bc5678f17d40d7d65f2a6934427754b7f0abd36932f29106424ef4f0193beb5f6e3a19
  • SSDEEP: 24576:tsWOEkcZfUCcVWxHyStL00gDCDZZRLLdf+RiK0alScMT3Z9fm4DRlU0QRQRbx3z:6hcZ8CfZht5g2rRL5GM9alSzdlUFWdd

Score: 7/10 (upx)

Signatures

  • ACProtect 1.3x - 1.4x DLL software (2 IoCs)
    Detects file using ACProtect software.
  • UPX packed file (5 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Unsigned PE (8 IoCs)
    Checks for missing Authenticode signature.

Files

  • 06dfdbac6e968528899fd66c4a13ba65_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    3764e6c387ce3c76b39936a24d523dce
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $SYSDIR/ttf16.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86
  • FILEMOVE.AVI
  • RICHED20.DLL
    .dll windows:4 windows x86 arch:x86
  • SARP.OVR
  • out.upx
    .exe windows:4 windows x86 arch:x86
  • sarp.exe
    .exe windows:4 windows x86 arch:x86
  • sarp.htm
    .html
  • uninstal.exe
    .exe windows:4 windows x86 arch:x86
  • out.upx
    .exe windows:4 windows x86 arch:x86