General

  • Target

    130a267f761881beed7cd892992ed20b_JaffaCakes118

  • Size

    299KB

  • MD5

    130a267f761881beed7cd892992ed20b

  • SHA1

    44d77aa2622f887377721696bbef7b463734e368

  • SHA256

    682e3da21347a01280f07a6701e243ddce5152a14dc3501545546b7c6f489601

  • SHA512

    424f546b9f9fe3d8897c0089b8863d85c7a87a3540d50e844e9ea2b22580a2388bfe252ef5885e2a7e37c6f994bbb7b6146c33a6f255c53344066b1c541d408f

  • SSDEEP

    6144:HwuukFOjRKCA86jNcgm8SoGK+w45mrEty+jO2Vz/cNDH:QuulK1tmXo1V+mrEtywO2Vz/UH

Score
9/10
upx

Malware Config

Signatures

  • Detected Nirsoft tools 3 IoCs

    Free utilities, often used by attackers, that can steal passwords, product keys, etc.

  • NirSoft MailPassView 1 IoCs

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView 1 IoCs

    Password recovery tool for various web browsers

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • 130a267f761881beed7cd892992ed20b_JaffaCakes118
    .zip
  • WebBrowserPassView.exe
    .exe windows:4 windows x86 arch:x86

    65d1b1de6af8e4cfc3f0920cb8d513df



  • mailpv.exe
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86



  • mspass.exe
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86

