Overview

overview

7

Static

static

7

0ced38bb6f...18.exe

windows7-x64

7

0ced38bb6f...18.exe

windows10-2004-x64

7

$PLUGINSDI...re.dll

windows7-x64

3

$PLUGINSDI...re.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

Alawar.html

windows7-x64

3

Alawar.html

windows10-2004-x64

1

games.html

windows7-x64

3

games.html

windows10-2004-x64

3

Alawar.html

windows7-x64

3

Alawar.html

windows10-2004-x64

3

games.html

windows7-x64

3

games.html

windows10-2004-x64

3

$TEMP/alaw...le.exe

windows7-x64

7

$TEMP/alaw...le.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ON.dll

windows7-x64

5

$PLUGINSDI...ON.dll

windows10-2004-x64

5

$PLUGINSDI...ip.dll

windows7-x64

3

$PLUGINSDI...ip.dll

windows10-2004-x64

3

chrome/content/api.js

windows7-x64

3

chrome/content/api.js

windows10-2004-x64

3

chrome/con...d.html

windows7-x64

3

chrome/con...d.html

windows10-2004-x64

3

chrome/content/bg.js

windows7-x64

3

chrome/content/bg.js

windows10-2004-x64

3

chrome/con...ing.js

windows7-x64

3

chrome/con...ing.js

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    0ced38bb6fd09e67d5c1c155753608ca_JaffaCakes118

  • Size

    17.7MB

  • MD5

    0ced38bb6fd09e67d5c1c155753608ca

  • SHA1

    fd1c4f05e4703f66ef0a48f79a0631e4d2b8470a

  • SHA256

    dd08ab7d7cf236fbf205760c5cc2fba78fac630ed8eb07026e07f6a1a804cb4f

  • SHA512

    0c802a67bde91c97db7dd4bc6a507de63536550b6d3924c3b2d6d4b1b3e78a9fda98f236482fb9c86875be3ac7010d5773d175bc39f42384f129c3df55dc9c8b

  • SSDEEP

    393216:A0gvZN6Y5sQFjauYiaJHEEI2CTQwxtCBWvx+O549Hqhvi+l:A0EN3sUjXQFIpHBx+PHcF

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 23 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 6 IoCs
    installer

Files

  • 0ced38bb6fd09e67d5c1c155753608ca_JaffaCakes118
    .exe windows:5 windows x86 arch:x86

    b729b61eb1515fcf7b3e511e4e66258b


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/NSISpcre.dll
    .dll windows:5 windows x86 arch:x86

    836f4951fb4175e54bfc7d7dac9c4c85


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/inetc.dll
    .dll windows:5 windows x86 arch:x86

    0ca59bdeada30c9db45574a2801b70d8


    Headers

    Imports

    Exports

    Sections

  • $TEMP/AlawarGames.gadget
    .cab
  • Alawar.html
    .js
  • gadget.xml
  • games.html
    .html
  • images/background.jpg
    .jpg
  • images/bg.gif
    .gif
  • images/bot_01.png
    .png
  • images/bot_02.png
    .png
  • images/bottom_bg.jpg
    .jpg
  • images/btn_01.png
    .png
  • images/btn_01hover.png
    .png
  • images/btn_02.png
    .png
  • images/btn_02hover.png
    .png
  • images/download.gif
    .gif
  • images/img.jpg
    .jpg
  • images/img_02.png
    .png
  • images/info.png
    .png
  • images/logo.png
    .png
  • $TEMP/AlawarGames_$_29_.gadget
    .cab
  • Alawar.html
    .js
  • gadget.xml
  • games.html
    .html
  • images/background.jpg
    .jpg
  • images/bg.gif
    .gif
  • images/bot_01.png
    .png
  • images/bot_02.png
    .png
  • images/bottom_bg.jpg
    .jpg
  • images/btn_01.png
    .png
  • images/btn_01hover.png
    .png
  • images/btn_02.png
    .png
  • images/btn_02hover.png
    .png
  • images/download.gif
    .gif
  • images/img.jpg
    .jpg
  • images/img_02.png
    .png
  • images/info.png
    .png
  • images/logo.png
    .png
  • $TEMP/alawar.single.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/VistaDLL.dll
    .dll windows:5 windows x86 arch:x86

    5ef9835af8d14b0867ea3085d2b62135


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsJSON.dll
    .dll windows:5 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/nsUnzip.dll
    .dll windows:4 windows x86 arch:x86

    f61b492d16b51856da71c9a124fee190


    Headers

    Imports

    Exports

    Sections

  • $TEMP/xpi.zip
    .zip
  • chrome.manifest
  • chrome/content/api.js
    .js
  • chrome/content/b-spinner.gif
    .gif
  • chrome/content/background.html
    .html
  • chrome/content/bg.js
    .js
  • chrome/content/branding.js
    .js
  • chrome/content/button.xml
    .xml
  • chrome/content/config.js
  • chrome/content/constants.js
    .js
  • chrome/content/framework.js
    .js
  • chrome/content/framework.png
    .png
  • chrome/content/framework.xul
    .js .xml polyglot
  • chrome/content/icon18x18.png
    .png
  • chrome/content/icon24x24.png
    .png
  • chrome/content/icon32x32.png
    .png
  • chrome/content/icon48x48.png
    .png
  • chrome/content/jquery-1.9.1.min.js
    .js
  • chrome/content/options.xul
    .js .xml polyglot
  • chrome/content/popup.content.js
    .js
  • chrome/content/popup.html
    .html
  • chrome/content/settings.json
  • chrome/skin/framework.css
  • icon.png
    .png
  • install.rdf
    .xml
  • $_15_/AlawarHelper.exe
    .exe windows:5 windows x86 arch:x86

    7ae0ff5f7c34cb18f170d4853f0d3597


    Headers

    Imports

    Exports

    Sections

  • $_15_/Opera/Opera/widgets/$R0/chrome.crx
    .zip
  • api.js
    .js
  • b-spinner.gif
    .gif
  • background.html
  • bg.js
    .js
  • branding.js
    .js
  • ci.bg.pack.js
    .js
  • ci.browser.helper.js
    .js
  • ci.content.pack.js
    .js
  • constants.js
    .js
  • icon18x18.png
    .png
  • icon24x24.png
    .png
  • icon32x32.png
    .png
  • icon48x48.png
    .png
  • jquery-1.9.1.min.js
    .js
  • jquery.uuid.js
    .js
  • manifest.json
  • popup.content.js
    .js
  • popup.html
    .html
  • popup.js
  • settings.json
  • $_15_/Opera/Opera/widgets/$WINDIR/npapi.dll
    .dll windows:5 windows x86 arch:x86

    b3786670c0db1c91cd6c57938d9769ce


    Headers

    Imports

    Exports

    Sections

  • $_15_/Opera/Opera/widgets/AddonsFramework.Typelib.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    840770e3d4f0dd959779a45e1f36a662


    Headers

    Imports

    Exports

    Sections

  • $_15_/Opera/Opera/widgets/AddonsFramework.Typelib64.dll
    .dll regsvr32 windows:5 windows x64 arch:x64

    4af9dfefe221f330d6919558fd32a202


    Headers

    Imports

    Exports

    Sections

  • $_15_/Opera/Opera/widgets/BackgroundHost.exe
    .exe windows:5 windows x86 arch:x86

    562e0115101c1d724aa440d011662990


    Headers

    Imports

    Sections

  • $_15_/Opera/Opera/widgets/BackgroundHost64.exe
    .exe windows:5 windows x64 arch:x64

    84a0fca69712f00db867ad5919717457


    Headers

    Imports

    Sections

  • $_15_/Opera/Opera/widgets/ButtonSite.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    700c1d33feef62e42ce33ddd88731507


    Headers

    Imports

    Exports

    Sections

  • $_15_/Opera/Opera/widgets/ButtonSite64.dll
    .dll regsvr32 windows:5 windows x64 arch:x64

    ef18c09c439b4b02f459b785f2432afb


    Headers

    Imports

    Exports

    Sections

  • $_15_/Opera/Opera/widgets/ScriptHost.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    c08c0b31c63e63370f5f69fe35e78d8f


    Headers

    Imports

    Exports

    Sections

  • $_15_/Opera/Opera/widgets/ScriptHost64.dll
    .dll regsvr32 windows:5 windows x64 arch:x64

    bcbf455b5b0eb6a13ff32d387b2e8b7b


    Headers

    Imports

    Exports

    Sections

  • $_15_/Opera/Opera/widgets/alawar.oex
    .zip
  • api.js
    .js
  • b-spinner.gif
    .gif
  • background.html
    .html
  • bg.js
    .js
  • branding.js
    .js
  • ci.bg.pack.js
    .js
  • config.xml
    .xml
  • constants.js
    .js
  • icon18x18.png
    .png
  • icon24x24.png
    .png
  • icon32x32.png
    .png
  • icon48x48.png
    .png
  • includes/ci.content.single.js
    .js
  • jquery-1.9.1.min.js
    .js
  • jquery.uuid.js
    .js
  • popup.content.js
    .js
  • popup.html
    .html
  • popup.js
  • $_15_/Opera/Opera/widgets/api.js
    .js
  • $_15_/Opera/Opera/widgets/b-spinner.gif
    .gif
  • $_15_/Opera/Opera/widgets/background.html
    .html .js polyglot
  • $_15_/Opera/Opera/widgets/bg.js
    .js
  • $_15_/Opera/Opera/widgets/branding.js
    .js
  • $_15_/Opera/Opera/widgets/config.xml
    .xml
  • $_15_/Opera/Opera/widgets/constants.js
    .js
  • $_15_/Opera/Opera/widgets/icon18x18.png
    .png
  • $_15_/Opera/Opera/widgets/icon24x24.png
    .png
  • $_15_/Opera/Opera/widgets/icon32x32.png
    .png
  • $_15_/Opera/Opera/widgets/icon48x48.png
    .png
  • $_15_/Opera/Opera/widgets/jquery-1.9.1.min.js
    .js
  • $_15_/Opera/Opera/widgets/json2.min.js
    .js
  • $_15_/Opera/Opera/widgets/options.htm
    .html .js polyglot
  • $_15_/Opera/Opera/widgets/popup.content.js
    .js
  • $_15_/Opera/Opera/widgets/popup.html
    .html
  • $_15_/Opera/Opera/widgets/uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:4 windows x86 arch:x86

    ee75cece63794fa22feebed80a358b16


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80


    Headers

    Imports

    Exports

    Sections

  • $_15_/Opera/Opera/widgets/updater.js
    .js
  • $_15_/Opera/Opera/widgets/updaterWrapper.js
    .js
  • uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • AlawarGames_$_29_.gadget
    .cab