General

  • Target

    1a204aea28908b5230ae51c6fbff9ec0_JaffaCakes118

  • Size

    23.2MB

  • MD5

    1a204aea28908b5230ae51c6fbff9ec0

  • SHA1

    71db4e02f6ada852a1a71ef12e48b68dde1e9059

  • SHA256

    9b3992193d3661c3605576230693556cb76e202be8d084e5a0548b328ee7afef

  • SHA512

    485dbdf95e82b20b7d17cc0f04fd9525afe96a5690284f5daf36e68f362643897da5d43549f9d2f7f6324d4072760df3e6a03afa3920036dc4ac26d2178d2195

  • SSDEEP

    393216:QwYa5spFeIwDDyMTtOe7cdaYnfeOD4AmJONvTo3ofrzRUt3f9SNu8q84:QW5fIwjtOnwCeOoi8YTzRfNxT4

Score
10/10

Malware Config

Signatures

  • AmmyyAdmin payload 1 IoCs
  • Ammyyadmin family
  • Unsigned PE 20 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 1a204aea28908b5230ae51c6fbff9ec0_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    3abe302b6d9a1256e6a915429af4ffd2


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    610235b90207a63ccf481f0d4375d329


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    274b99a815ba574d8c9e1712916d8b30


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/advsplash.dll
    .dll windows:4 windows x86 arch:x86

    c0d4e5fadc92d88e6603d2d1c1d8421c


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/splash.bmp
  • PBWS32.DLL
    .dll windows:1 windows x86 arch:x86


    Headers

    Exports

    Sections

  • Scan.ini
  • baro.exe
    .exe windows:5 windows x86 arch:x86

    ae86390549f5fe4a8cd8eb0b541a9234


    Headers

    Imports

    Exports

    Sections

  • butce.pbd
  • cmuk_d.pbd
  • cmuk_m.pbd
  • cmuk_r.pbd
  • cmuk_w.pbd
  • cmuk_wr.pbd
  • demirbas.pbd
  • disiplin.pbd
  • disiplin_r.pbd
  • disiplin_yeni.pbd
  • dll/FreeImage.dll
    .dll windows:5 windows x86 arch:x86

    f3db81844469ba23e814e3c02eedcc15


    Headers

    Imports

    Exports

    Sections

  • dll/Interop.WIA.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • dll/MarkupConverter.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • dll/PdfSharp.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • dll/RegAsm.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • dll/SDD_TWAIN_SCANNER.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • dll/Saraff.Twain.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • dll/System.Drawing.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • dll/UzakYardim.exe
    .exe windows:4 windows x86 arch:x86

    59bc1054f3fb6d52d677cef7c12118a3


    Headers

    Imports

    Sections

  • dll/UzakYardim.log
  • dll/WinSCP.com
    .exe windows:4 windows x86 arch:x86

    4930629d52bba909dc99b790c62376e0


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • dll/WinSCP.exe
    .exe windows:4 windows x86 arch:x86

    c536302487d5cbf417a6126897c88a3e


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • dll/WinSCPnet.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • dll/cl32.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    36600284ee7106703504347a91112909


    Headers

    Imports

    Exports

    Sections

  • dll/sdd_regasm.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • doorbell1.wav
  • emubasir.pbd
  • evrak.pbd
  • fatura.pbd
  • gundem.pbd
  • gxps.exe
    .exe windows:4 windows x86 arch:x86

    30c57c50884b31ccd9b068732d733ff6


    Headers

    Imports

    Exports

    Sections

  • gxpsdll32.dll
    .dll windows:4 windows x86 arch:x86

    65d0d33be91322f0ad0f7e7c678d1401


    Headers

    Imports

    Exports

    Sections

  • gxpswin32.exe
    .exe windows:4 windows x86 arch:x86

    5ddab959cb9a7d26f416532c3f052315


    Headers

    Imports

    Sections

  • ihm.pbd
  • katip.pbd
  • khk.pbd
  • kimlik.pbd
  • kiraci.pbd
  • kolaylastirici.pbd
  • komisyon.pbd
  • magdur.pbd
  • mali.pbd
  • muhasebe.pbd
  • muhasebe_r.pbd
  • muzaharet.pbd
  • ortak_d.pbd
  • ortak_f.pbd
  • ortak_u.pbd
  • ortak_w.pbd
  • pbsoapclient105.pbd
  • pbsoapclient90.pbd
  • personel.pbd
  • sdd_d.pbd
  • sdd_degisen.pbd
  • sdd_f.pbd
  • sdd_inherit.pbd
  • sdd_m.pbd
  • sdd_n_cst.pbd
  • sdd_s.pbd
  • sdd_security.pbd
  • sdd_u.pbd
  • sdd_w.pbd
  • sddproxy.pbd
  • sem.pbd
  • seminer.pbd
  • sicil.pbd
  • sicil_r.pbd
  • sigorta.pbd
  • staj.pbd
  • staj_r.pbd
  • stok.pbd
  • sydf.pbd
  • tsk_ek2.pbd
  • uyecari.pbd
  • uzlasma.pbd
  • yardim.pbd
  • yardim_r.pbd
  • yardim_yk.pbd
  • yazisma.pbd
  • ys.pbd