Errors

Reason
error processing APK: zip: not a valid zip file

General

  • Target

    JaffaCakes118_358c99f5f11faa788a617eae44e7d676dfbf51ba3f1cc0348f03676f7ceea8ee

  • Size

    701.8MB

  • MD5

    6b00ac8658b112ea80a2e5cb0e44f41d

  • SHA1

    9c2aa45e700cb5578ada4881e36bda7ebaf39e1a

  • SHA256

    358c99f5f11faa788a617eae44e7d676dfbf51ba3f1cc0348f03676f7ceea8ee

  • SHA512

    2fa3db5e0107371c7a9326389ce19e51a4238a7be9a080c717136f37c7b9b491c94f66ea8c481567f96b9fc28249d9d4aeb137f50ae70fa44158da3be0d8b92f

  • SSDEEP

    12582912:wO9mQzDbRO9pO9VO9CO9rO9IRBO92O9uO9+Z0/WADFxO9aO9VO96O9apnKO9wO9j:xbDbeW6rgSOnfmoWADAj6DSx8s

Score
6/10
upx

Malware Config

Signatures

  • Requests dangerous framework permissions 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 24 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_358c99f5f11faa788a617eae44e7d676dfbf51ba3f1cc0348f03676f7ceea8ee
    .zip
  • captured_malware/1Ptfo0FZUMT7hlK.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/20210731_resign.apk
    .apk android arch:arm

    com.pfqjp0ubz.qke055sf1.ap76zaf

    com.pfqjp0ubz.qke055sf1.ap76zaf.Rcb88bc


  • captured_malware/33722.apk
  • captured_malware/33722.apk.1
    .apk android arch:arm

    com.mghs.hxkeghs26

    com.ch.myframe.ui.activity.start.CheckActivity


  • captured_malware/33722.apk.2
    .apk android arch:arm

    com.mghs.hxkeghs26

    com.ch.myframe.ui.activity.start.CheckActivity


  • captured_malware/33722.apk.3
    .apk android arch:arm

    com.mghs.hxkeghs26

    com.ch.myframe.ui.activity.start.CheckActivity


  • captured_malware/5KNTQd5xFuY7hcE.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/6Dy0Bg4B9kkMsak.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/6th july.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/77KpMaGlUit8zQl.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/BuXTaVVWA5WdvtU.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/DBti7kFcOLHaK2z.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/EMU.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/EgVhr9cVP2SFBEU.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/Hlt9VTppbZE9UGs.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/KVxnEZMWrmek1i6.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/P0weOPjsmVN5OCW.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/YCUMy7OsLy2HRs6.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/a5068f44-8a24-4657-b285-fe457a5b9429.apk
    .apk android arch:arm

    w2a.W2Ajscw.vx830.com

    io.dcloud.PandoraEntry


  • captured_malware/amwnsr.apk
    .apk android arch:arm arch:x86

    com.goujiao

    com.xbzhangshi.mvp.home.SplashActivity


  • captured_malware/benu.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/diqiuav.apk
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.1
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.10
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.11
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.12
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.13
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.14
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.2
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.3
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.4
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.5
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.6
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.6.1
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.7
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.8
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/diqiuav.apk.9
    .apk android arch:arm64 arch:arm

    uni.UNIA97711E

    io.dcloud.PandoraEntry


  • captured_malware/dns.exe
    .exe windows:4 windows x86 arch:x86


  • captured_malware/dnshelper.exe
    .exe windows:5 windows x86 arch:x86


  • out.upx
    .exe windows:5 windows x86 arch:x86


  • captured_malware/dnshelper.exe.1
    .exe windows:5 windows x86 arch:x86


  • out.upx
    .exe windows:5 windows x86 arch:x86


  • captured_malware/h0AuDqUVLDrtpzq.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/hWUsDVx5V2Kte0B.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/kkpoker3.9.0.apk
    .apk android arch:arm arch:x86

    com.dreamoeju.kkpoker

    com.unity3d.player.UnityPlayerActivity


  • captured_malware/kkpoker_setup.exe
    .exe windows:4 windows x86 arch:x86

    ad9d11227a86b863e31ddf6019cc7ab5


  • captured_malware/lLwIMX6OKZZo7VL.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/malware.txt
  • captured_malware/promise.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/pscueWLrAI893Mm.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • captured_malware/shuihust.exe
    .exe windows:6 windows x86 arch:x86

    93b8e6bc75e67ae4060f162e5cefcf18


  • captured_malware/tukur.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

