Overview

overview

10

Static

static

3

337f603c8b...18.exe

windows7-x64

10

337f603c8b...18.exe

windows10-2004-x64

10

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$TEMP/setup.exe

windows7-x64

10

$TEMP/setup.exe

windows10-2004-x64

10

$TEMP/sys.exe

windows7-x64

7

$TEMP/sys.exe

windows10-2004-x64

7

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$R1.dll

windows7-x64

6

$R1.dll

windows10-2004-x64

6

$TEMP/tcpsrvc.exe

windows7-x64

7

$TEMP/tcpsrvc.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$S...1_.exe

windows7-x64

7

$SYSDIR/$S...1_.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$_5_.dll

windows7-x64

6

$SYSDIR/$_5_.dll

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    337f603c8b740238d363cca78e8687d5_JaffaCakes118

  • Size

    4.7MB

  • MD5

    337f603c8b740238d363cca78e8687d5

  • SHA1

    a6b9fce6d9bbd232d779b0fbae39a746613e4397

  • SHA256

    5a2421a99391c5deb961e8f6dbbb5a660531192c2fa279061d6d637bb9656947

  • SHA512

    e3ed5235ccc8f8b18e318baf54ebec38b2c6281be08290d2c0ba42fcdb0d4e99eefe2014904a2c75c94efbd7e3d96d0d3ee471c27334ec991f96344a32171cef

  • SSDEEP

    98304:JfyFY1bgUxBPwBwVIJMIcjE0PAK+AV/YbcDklVkH343uKS:JaFYmOPw6VIJMIcjL2wwflKH343tS

Score
3/10

Malware Config

Signatures

  • Unsigned PE 14 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 8 IoCs
    installer

Files

  • 337f603c8b740238d363cca78e8687d5_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86

    a648aeaa164b592c1e8892a10400b5ae


    Headers

    Imports

    Exports

    Sections

  • $TEMP/setup.exe
    .exe windows:4 windows x86 arch:x86

    256c6be6d56ee2b4ff99733328ada0d7


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/sys.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/Math.dll
    .dll windows:4 windows x86 arch:x86

    c1eddc2d743572429fa0b1a79b7ac0fe


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Processes.dll
    .dll windows:4 windows x86 arch:x86

    f5edecae12589e705677a6e272ad0394


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:4 windows x86 arch:x86

    2274cc1534607459cdd304a928601ef9


    Headers

    Imports

    Exports

    Sections

  • $R1
    .dll regsvr32 windows:5 windows x86 arch:x86

    4a7e69be12cc706a7b511c3c3baf6eed


    Headers

    Imports

    Exports

    Sections

  • $TEMP/tcpsrvc.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/$SYSDIR/$_1_.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/validate.ini
  • $SYSDIR/$_5_
    .dll regsvr32 windows:5 windows x86 arch:x86

    b7c9010b92e29e52a74765b823034c10


    Headers

    Imports

    Exports

    Sections