General

  • Target

    0b41ae79d6f39c034068d5b2dc2ec7a7_JaffaCakes118

  • Size

    70KB

  • MD5

    0b41ae79d6f39c034068d5b2dc2ec7a7

  • SHA1

    8095ba146c7741cb4b3df627edca185894dfb7af

  • SHA256

    1a3f8a24ab6611410845314c2dbec7cbd80df2d74a34657296ce646fcbc42415

  • SHA512

    a3af3e41f9a940f10d83d99c812c93c0ff31f6a751cfef5635254ddd89c47a0a5bfafd37e30d6655ee1efd2d3989c3ea87523b19c25f603306c2c4a5b7cdf780

  • SSDEEP

    1536:fDV6awBrdbLkrude7mnflp4tmJHyO7UfcIBd5m7EjnDDs5E0Axpv9T:fDV6dAruRdWmJzofcILJjnDWopFT

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 0b41ae79d6f39c034068d5b2dc2ec7a7_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e



  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012



  • $PLUGINSDIR/hnml.dll
    .dll windows:4 windows x86 arch:x86



  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/reuninstall.ini
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e



  • $PLUGINSDIR/modern-header.bmp