Overview

overview

7

Static

static

3

Web Stream...up.exe

windows7-x64

7

Web Stream...up.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

flvplayer.exe

windows7-x64

7

flvplayer.exe

windows10-2004-x64

7

html/newversion.htm

windows7-x64

3

html/newversion.htm

windows10-2004-x64

3

html/reminder.htm

windows7-x64

3

html/reminder.htm

windows10-2004-x64

3

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

url/buy.url

windows7-x64

6

url/buy.url

windows10-2004-x64

3

url/buysoft_nag.url

windows7-x64

6

url/buysoft_nag.url

windows10-2004-x64

3

url/buysoft_reg.url

windows7-x64

6

url/buysoft_reg.url

windows10-2004-x64

3

url/how_do_i.url

windows7-x64

6

url/how_do_i.url

windows10-2004-x64

3

url/quick_tour.url

windows7-x64

6

url/quick_tour.url

windows10-2004-x64

3

url/software.url

windows7-x64

6

url/software.url

windows10-2004-x64

3

url/websites.url

windows7-x64

6

url/websites.url

windows10-2004-x64

3

winpcap.exe

windows7-x64

3

winpcap.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    0c110d33e891ec97a573a66946c8c9d8_JaffaCakes118

  • Size

    2.4MB

  • MD5

    0c110d33e891ec97a573a66946c8c9d8

  • SHA1

    ce75409026366d92406037f711169568fddcf07b

  • SHA256

    e7fe157fd9e715a16df6d1b05a8009cd4142c40ce94949a57d76dc13cfef66dd

  • SHA512

    727cf244d4e7801b6603a1aa0617b8a2b2615b481cca073effd1ccdf3fceea03657e8708bad7ce534ea462a63ee545b1f4a93121989c1ca0757124777adf355c

  • SSDEEP

    49152:kFOKRc5YTF/SzdYWxSzSME4mNeBDIe8cEjzdGpltomDa:kVRfh6pYQDD4mNeBTgvdGplima

Score
3/10

Malware Config

Signatures

  • Unsigned PE 10 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 3 IoCs
    installer

Files

  • 0c110d33e891ec97a573a66946c8c9d8_JaffaCakes118
    .rar
  • Web Stream Recorder Pro 2.0 build 540/Setup.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86

    28d94e5199b88ad374b3cb2118e31a66


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • flvplayer.exe
    .exe windows:4 windows x86 arch:x86

    77b56c55a5fc78f33ecc9f2fb7001d01


    Headers

    Imports

    Sections

  • html/newversion.htm
    .html
  • html/reminder.htm
    .html
  • lang/Arabic.txt
  • lang/Bulgarian.txt
  • lang/Chinese.txt
  • lang/Dutch.txt
  • lang/English.txt
  • lang/German.txt
  • lang/Italian.txt
  • lang/Norwegian.txt
  • lang/Polish.txt
  • lang/Romanian.txt
  • lang/Russian.txt
  • lang/Serbian.txt
  • license.txt
  • sounds/done.wav
  • sounds/error.wav
  • sounds/gotcha.wav
  • uninstall.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b


    Headers

    Imports

    Sections

  • url/buy.url
  • url/buysoft_nag.url
  • url/buysoft_reg.url
  • url/how_do_i.url
  • url/quick_tour.url
  • url/software.url
  • url/websites.url
  • winpcap.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsWeb.dll
    .dll windows:4 windows x86 arch:x86

    d12ed83df3a4aa87887f14a225ff95d4


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/Packet.dll
    .dll windows:4 windows x86 arch:x86

    159da4fb58d740e6fd486492861bf942


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/WanPacket.dll
    .dll windows:4 windows x86 arch:x86

    c4f10a94feffedd44a2a094b559256d7


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/pthreadVC.dll
    .dll windows:4 windows x86 arch:x86

    90ee61357770484e2d085958b94141a3


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/wpcap.dll
    .dll windows:4 windows x86 arch:x86

    a74f57c0da946efe5b5644f58e3aa02c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/CACE_Banner.htm
    .html
  • $TEMP/CACE_Logo.gif
    .gif
  • $TEMP/NetSol.jpg
    .jpg
  • WinPcapInstall.dll
    .dll windows:4 windows x86 arch:x86

    d60f1109a9a63e2695e536772cd81b32


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • rpcapd.exe
    .exe windows:4 windows x86 arch:x86

    e15cadb5060ea0689a84c75d4e8422a5


    Code Sign

    Headers

    Imports

    Sections

  • wsr2007.exe
    .exe windows:4 windows x86 arch:x86

    f433e7fcc51e68080022754836705744


    Headers

    Imports

    Sections

  • Web Stream Recorder Pro 2.0 build 540/serial.txt