General

  • Target

    JaffaCakes118_dfc643f0c12447398ce3700e22d52442a4773494bc6a7ebc836e6260a0eb3f78

  • Size

    4.1MB

  • MD5

    65b9a2bb5e5510eda9a351da1f95e508

  • SHA1

    673472622fed797b1afb577d0053c9ee2d83d675

  • SHA256

    dfc643f0c12447398ce3700e22d52442a4773494bc6a7ebc836e6260a0eb3f78

  • SHA512

    028aa956ebaf1e20219f8d25fb55f087bbcc68f93e13833ae2be70995cd16696c3cd36fe9accafc00ef20975e3bb016ecd924e264217629cd814971d761020f8

  • SSDEEP

    98304:xly2wGPLwrHKNVXf1WOWxQmeaVPnNPi0ambpBcs/zdPvHrCi9FZF:PwGPLwLKNlkOWzPd/pBdLr9bF

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.01

Botnet

1ce576

Attributes
  • install_dir

    91a0189a82

  • install_file

    tkools.exe

  • strings_key

    5031c806169b48d93a79100688ba0f46

  • url_paths

    /g8lvleE2z/index.php

  • rc4.plain

Signatures

  • Amadey family
  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

Files

  • JaffaCakes118_dfc643f0c12447398ce3700e22d52442a4773494bc6a7ebc836e6260a0eb3f78
    .exe windows:6 windows x86 arch:x86