Overview

overview

9

Static

static

3

2e307f505f...18.exe

windows7-x64

7

2e307f505f...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ig.dll

windows7-x64

3

$PLUGINSDI...ig.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...rk.dll

windows7-x64

3

$PLUGINSDI...rk.dll

windows10-2004-x64

3

AutoUpdate.exe

windows7-x64

3

AutoUpdate.exe

windows10-2004-x64

3

QZoneClone.dll

windows7-x64

6

QZoneClone.dll

windows10-2004-x64

6

QZoneClone.exe

windows7-x64

9

QZoneClone.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    2e307f505f7a8d571508197fb2608ee2_JaffaCakes118

  • Size

    2.1MB

  • MD5

    2e307f505f7a8d571508197fb2608ee2

  • SHA1

    036b3428be87fc387062e6341246d7a7f19a6a85

  • SHA256

    abede0db93348c83e3c5b0aaeeb40b815a0dbce8b95ea8e718465a86d63f9ee2

  • SHA512

    61943010ace041ad00e2c89338023be42c4c009e21201386ba5e2f94d40c884fa1bdc8814e68417ea3444ef98289f05474d91b86f9c5d1a9020df8dc970162a7

  • SSDEEP

    49152:XncH51ay+vF1CoVLQSEm/IB6NsznZETncwU:W5qt1CoXVNUZUFU

Score
3/10

Malware Config

Signatures

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 2e307f505f7a8d571508197fb2608ee2_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/Exec.bmp
  • $PLUGINSDIR/Home.bmp
  • $PLUGINSDIR/Left.bmp
  • $PLUGINSDIR/Log.bmp
  • $PLUGINSDIR/Soft.bmp
  • $PLUGINSDIR/SucaiBar.bmp
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/bg.bmp
  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    5bdcdde5acd7b395f3f3d19ebbb8c6cd


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ipconfig.dll
    .dll windows:5 windows x86 arch:x86

    891e128d9bd0ba51661a3a8a0557191a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/processwork.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • AutoUpdate.exe
    .exe windows:5 windows x86 arch:x86

    1fa981d42f50448e2c7a1a7a3825d6fe


    Code Sign

    Headers

    Imports

    Sections

  • QZoneClone.db
  • QZoneClone.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    38d1e26ad06a59f8fb3621bbbae20796


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • QZoneClone.exe
    .exe windows:5 windows x86 arch:x86

    113fecbe2c2b31c8dd2108615640a5a9


    Code Sign

    Headers

    Imports

    Sections

  • Uninstall.exe.nsis