Overview

overview

4

Static

static

4

2345...ȫ.url

windows7-x64

1

2345...ȫ.url

windows10-2004-x64

1

2345...��.url

windows7-x64

1

2345...��.url

windows10-2004-x64

1

FreeMind.exe

windows7-x64

1

FreeMind.exe

windows10-2004-x64

3

accessorie...tml.js

windows7-x64

3

accessorie...tml.js

windows10-2004-x64

3

accessorie...Pdf.js

windows7-x64

3

accessorie...Pdf.js

windows10-2004-x64

3

accessorie...ree.js

windows7-x64

3

accessorie...ree.js

windows10-2004-x64

3

browser/fr...r.html

windows7-x64

3

browser/fr...r.html

windows10-2004-x64

3

browser/fr...er.jar

windows7-x64

1

browser/fr...er.jar

windows10-2004-x64

1

browser/fr...r.html

windows7-x64

3

browser/fr...r.html

windows10-2004-x64

3

doc/FM_Key...de.odt

windows7-x64

4

doc/FM_Key...de.odt

windows10-2004-x64

3

doc/FM_Key...de.pdf

windows7-x64

3

doc/FM_Key...de.pdf

windows10-2004-x64

3

doc/FM_Key...et.odt

windows7-x64

3

doc/FM_Key...et.odt

windows10-2004-x64

3

doc/FM_Key...et.pdf

windows7-x64

3

doc/FM_Key...et.pdf

windows10-2004-x64

3

doc/FM_Key...fr.odt

windows7-x64

4

doc/FM_Key...fr.odt

windows10-2004-x64

3

doc/FM_Key...fr.pdf

windows7-x64

3

doc/FM_Key...fr.pdf

windows10-2004-x64

3

doc/FM_Key...hr.odt

windows7-x64

4

doc/FM_Key...hr.odt

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    2892b84cffcb83128ffdf70a9f4dd295_JaffaCakes118

  • Size

    21.2MB

  • MD5

    2892b84cffcb83128ffdf70a9f4dd295

  • SHA1

    200be4b43bd5763b2d8092094bad80961db3edc2

  • SHA256

    b59cf95fdbdddacd611ec2573acc5a852bfd9f90befee096aee2ee0df5ae65a5

  • SHA512

    bf6d1bf0994798d102edf450a863a56dff5f72461a374a71b89f87428b311b55fe429e7b2ad7b958ccac80d24fb9ec823956cdbb818907e276ad0fb0ed7a3769

  • SSDEEP

    393216:T6jrUdEVlU/0d8tPzaoQx37FD41yoGXUJ8w+NoRpMGFMJJBkfGEHUBK7QCTaG88Z:2EMleXGom37V4w08wBg6UTkeE0eTDb

Score
4/10
pdflink

Malware Config

Signatures

  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2892b84cffcb83128ffdf70a9f4dd295_JaffaCakes118
    .zip
  • 2345ȫ.url
    .url
  • 2345̳.url
    .url
  • FreeMind.exe
    .exe windows:4 windows x86 arch:x86

    69a8d3ed0ccfde7970b7525e158f2030


    Headers

    Imports

    Sections

  • accessories/ExportToHtml.groovy
    .js
  • accessories/ExportToPdf.groovy
    .js
  • accessories/LICENSE.MIT
  • accessories/freemind2applet.xsl
    .xml
  • accessories/freemind2flash.xsl
    .xml
  • accessories/freemind2html.css
  • accessories/freemind2html.xsl
    .xml
  • accessories/hide.png
    .png
  • accessories/ilink.png
    .png
  • accessories/leaf.png
    .png
  • accessories/marktree.js
    .js
  • accessories/masterfile.tex
  • accessories/mindmanager2mm.xsl
    .xml
  • accessories/minus.png
    .png
  • accessories/mm2csv.xsl
    .xml
  • accessories/mm2html.xsl
    .xml
  • accessories/mm2latex.xsl
    .xml
  • accessories/mm2latex_latin1_TEMPLATE.mm
  • accessories/mm2latexartcl.xsl
    .xml
  • accessories/mm2latexbook.xsl
    .xml
  • accessories/mm2msp_utf8.xsl
    .xml
  • accessories/mm2msp_utf8_TEMPLATE.mm
  • accessories/mm2ooimpress.manifest.xsl
    .xml
  • accessories/mm2ooimpress.xsl
    .xml
  • accessories/mm2ooimpressStyles.xml
    .xml
  • accessories/mm2oowriter.manifest.xsl
    .xml
  • accessories/mm2oowriter.xsl
    .xml
  • accessories/mm2oowriterStyles.xml
    .xml
  • accessories/mm2opml.xsl
    .xml
  • accessories/mm2text.xsl
    .xml
  • accessories/mm2tjiresources.xsl
    .xml
  • accessories/mm2tjitasks.xsl
    .xml
  • accessories/mm2tsk.xsl
    .xml
  • accessories/mm2twiki.xsl
    .xml
  • accessories/mm2twiki_headings.xsl
    .xml
  • accessories/mm2wordml_utf8.xsl
    .xml
  • accessories/mm2wordml_utf8_TEMPLATE.mm
  • accessories/mm2xbel.xsl
    .xml
  • accessories/mm2xls_utf8.xsl
    .xml
  • accessories/opml2mm.xsl
    .xml
  • accessories/plus.png
    .png
  • accessories/show.png
    .png
  • accessories/tohtml.xsl
    .xml
  • accessories/toxhtml.xsl
    .xml
  • accessories/treestyles.css
  • accessories/xbel2mm.xsl
    .xml
  • browser/freemind.mm
  • browser/freemindbrowser.html
    .html
  • browser/freemindbrowser.jar
    .jar
  • browser/freemindbrowser.xhtml
    .html
  • browser/license
  • dictionaries.properties
  • dictionary_de.ortho
  • dictionary_en.ortho
  • doc/FM_Key_Mappings_Quick_Guide.odt
    .odt openoffice
  • doc/FM_Key_Mappings_Quick_Guide.pdf
    .pdf
  • doc/FM_Key_Mappings_Quick_Guide_et.odt
    .odt openoffice
  • doc/FM_Key_Mappings_Quick_Guide_et.pdf
    .pdf

    • http://et.wikipedia.org/wiki/OpenDocument

  • doc/FM_Key_Mappings_Quick_Guide_fr.odt
    .odt openoffice
  • doc/FM_Key_Mappings_Quick_Guide_fr.pdf
    .pdf
  • doc/FM_Key_Mappings_Quick_Guide_hr.odt
    .odt openoffice
  • doc/FM_Key_Mappings_Quick_Guide_hr.pdf
    .pdf
  • doc/FM_Key_Mappings_Quick_Guide_it.odt
    .odt openoffice
  • doc/FM_Key_Mappings_Quick_Guide_it.pdf
    .pdf
  • doc/FM_Key_Mappings_Quick_Guide_ja.pdf
    .pdf
  • doc/FM_Key_Mappings_Quick_Guide_ru.odt
    .odt openoffice
  • doc/FM_Key_Mappings_Quick_Guide_ru.pdf
    .pdf
  • doc/freemind.mm
  • doc/freemind_da.mm
  • doc/freemind_de.mm
  • doc/freemind_es.mm
  • doc/freemind_et.mm
  • doc/freemind_fr.mm
  • doc/freemind_id.mm
  • doc/freemind_ja.mm
  • doc/freemind_ru.mm
  • doc/freemind_vi.mm
  • freemind.bat
  • freemind.sh
    .sh .vbs linux polyglot
  • freemindw.bat
  • lib/SimplyHTML/SimplyHTML.jar
    .jar
  • lib/SimplyHTML/gnu-regexp-1.1.4.jar
    .jar
  • lib/bindings.jar
    .jar
  • lib/forms-1.0.5.jar
    .jar
  • lib/freemind.jar
    .jar
  • lib/jibx/jibx-run.jar
    .jar
  • lib/jibx/xpp3.jar
    .jar
  • lib/jortho.jar
    .jar
  • lib/serializer.jar
    .jar
  • lib/xalan.jar
    .jar
  • lib/xercesImpl.jar
    .jar
  • lib/xml-apis.jar
    .jar
  • license
  • patterns.xml
    .xml
  • plugins/CollaborationSocket.xml
    .xml
  • plugins/ExportSvg.xml
    .xml
  • plugins/FreemindHelp.xml
    .xml
  • plugins/MapViewer.xml
    .xml
  • plugins/ScriptingEngine.xml
    .xml
  • plugins/collaboration/socket/socket_plugin.jar
    .jar
  • plugins/help/help_plugin.jar
    .jar
  • plugins/help/jhall.jar
    .jar
  • plugins/map/JMapViewer.jar
    .jar
  • plugins/map/map_plugin.jar
    .jar
  • plugins/script/groovy-all-1.5.6.jar
    .jar
  • plugins/script/scripting_plugin.jar
    .jar
  • plugins/svg/batik-awt-util.jar
    .jar
  • plugins/svg/batik-bridge.jar
    .jar
  • plugins/svg/batik-css.jar
    .jar
  • plugins/svg/batik-dom.jar
    .jar
  • plugins/svg/batik-ext.jar
    .jar
  • plugins/svg/batik-extension.jar
    .jar
  • plugins/svg/batik-gui-util.jar
    .jar
  • plugins/svg/batik-gvt.jar
    .jar
  • plugins/svg/batik-parser.jar
    .jar
  • plugins/svg/batik-script.jar
    .jar
  • plugins/svg/batik-squiggle.jar
    .jar
  • plugins/svg/batik-svg-dom.jar
    .jar
  • plugins/svg/batik-svggen.jar
    .jar
  • plugins/svg/batik-swing.jar
    .jar
  • plugins/svg/batik-transcoder.jar
    .jar
  • plugins/svg/batik-util.jar
    .jar
  • plugins/svg/batik-xml.jar
    .jar
  • plugins/svg/js.jar
    .jar
  • plugins/svg/pdf-transcoder.jar
    .jar
  • plugins/svg/svg_plugin.jar
    .jar
  • plugins/svg/xerces_2_5_0.jar
    .jar
  • plugins/svg/xml-apis.jar
    .jar