Overview

overview

10

Static

static

3

e2f85c3eb2...16.exe

windows7-x64

10

e2f85c3eb2...16.exe

windows10-2004-x64

10

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

GameVisualPlugin.dll

windows7-x64

1

GameVisualPlugin.dll

windows10-2004-x64

1

Mythogenes...in.dll

windows7-x64

1

Mythogenes...in.dll

windows10-2004-x64

1

Mythogenes...NE.exe

windows7-x64

3

Mythogenes...NE.exe

windows10-2004-x64

3

Mythogenes...em.dll

windows7-x64

1

Mythogenes...em.dll

windows10-2004-x64

1

Sellerier/...es.dll

windows7-x64

1

Sellerier/...es.dll

windows10-2004-x64

1

Sellerier/...le.dll

windows7-x64

1

Sellerier/...le.dll

windows10-2004-x64

1

StartNE.exe

windows7-x64

3

StartNE.exe

windows10-2004-x64

3

System.IO....em.dll

windows7-x64

1

System.IO....em.dll

windows10-2004-x64

1

System.Tex...es.dll

windows7-x64

1

System.Tex...es.dll

windows10-2004-x64

1

System.ValueTuple.dll

windows7-x64

1

System.ValueTuple.dll

windows10-2004-x64

1

dbdump.dll

windows7-x64

1

dbdump.dll

windows10-2004-x64

1

gmodule-2.0.dll

windows7-x64

1

gmodule-2.0.dll

windows10-2004-x64

1

icon-cli.html

windows7-x64

3

icon-cli.html

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8f53c4425f6546c0570e1893297ebc337d01017cc188803e303c53d106ebc501

  • Size

    24.6MB

  • MD5

    3e2f78eec8345e7f02e222c6e9269c91

  • SHA1

    a18ee3d2a5bb9e779258c22e06d8ff16f0adc37e

  • SHA256

    8f53c4425f6546c0570e1893297ebc337d01017cc188803e303c53d106ebc501

  • SHA512

    356c7d03c957bbeaa245439750bc1624b3c1d10b4212ae3d8d9b78685405a4ed4293cff352592dc422e00914a0d925b4d491a7fcb96dd7ccd14daedf8812d715

  • SSDEEP

    393216:E6Obvej1Z4DrJjMo6xvSCylTYo+mPnbRGi7nbvryfWh/T0P7HxdbyVfm:TQvepZCrxT6x97QbRGKLrcWRC7RxyVfm

Score
3/10

Malware Config

Signatures

  • Unsigned PE 7 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_8f53c4425f6546c0570e1893297ebc337d01017cc188803e303c53d106ebc501
    .zip

    Password: infected

  • e2f85c3eb27695e55e3377d8695f66791dc80a6cbb7b9b059b365c58b5b49d16
    .exe windows:4 windows x86 arch:x86

    61259b55b8912888e90f516ca08dc514


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/Math.dll
    .dll windows:4 windows x86 arch:x86

    82274a6f12e4098899c6a675f5ce59d0


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76


    Headers

    Imports

    Exports

    Sections

  • Airways_8.bmp
    .jpg
  • ArtDeco_brown_21.bmp
    .jpg
  • Calced/Perquadrat/ArtDeco_brown_21.bmp
    .jpg
  • Calced/Perquadrat/Sigtes.Afs
  • Corbelled.Xen
  • GameVisualPlugin.dll
    .dll windows:6 windows x64 arch:x64

    ab8abcc1f30df0aad1e517f3b4de4618


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Mythogeneses/Highlandish/Tagalogs/Hulslib114/GameVisualPlugin.dll
    .dll windows:6 windows x64 arch:x64

    ab8abcc1f30df0aad1e517f3b4de4618


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Mythogeneses/Highlandish/Tagalogs/Hulslib114/StartNE.exe
    .exe windows:5 windows x86 arch:x86

    776e204b0fa32777af4a5881ea7474ac


    Code Sign

    Headers

    Imports

    Sections

  • Mythogeneses/Highlandish/Tagalogs/Hulslib114/System.IO.Compression.FileSystem.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Nedvrdiges/Lejlighedsdigte149/Lndelen192/Runt/Airways_8.bmp
    .jpg
  • Pseudogeneral/Rigsaeble/Droned/Miksende/huskattes.Eks
  • Sellerier/System.Text.Encoding.CodePages.dll
    .dll windows:4 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • Sellerier/System.ValueTuple.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Sellerier/application-x-firmware-symbolic.svg
  • Sellerier/audio-speakers-symbolic.symbolic.png
    .png
  • Sellerier/camera-hardware-disabled-symbolic.svg
  • Sellerier/computer.png
    .png
  • Sellerier/config.model.xml
    .xml
  • Sigtes.Afs
  • StartNE.exe
    .exe windows:5 windows x86 arch:x86

    776e204b0fa32777af4a5881ea7474ac


    Code Sign

    Headers

    Imports

    Sections

  • System.IO.Compression.FileSystem.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.Text.Encoding.CodePages.dll
    .dll windows:4 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • System.ValueTuple.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • application-x-firmware-symbolic.svg
  • audio-speakers-symbolic.symbolic.png
    .png
  • camera-hardware-disabled-symbolic.svg
  • computer.png
    .png
  • config.model.xml
    .xml
  • dbdump.dll
    .dll windows:4 windows x64 arch:x64

    7fc7dab0e874d5e47761c7b188160756


    Headers

    Imports

    Exports

    Sections

  • drive-optical.png
    .png
  • edit-find.png
    .png
  • edit-undo-symbolic-rtl.svg
    .xml
  • emblem-default-symbolic.svg
  • emblem-important-symbolic.svg
  • emblem-photos-symbolic.symbolic.png
    .png
  • face-tired-symbolic.symbolic.png
    .png
  • folder-open.png
    .png
  • folder-symbolic.symbolic.png
    .png
  • format-indent-more.png
    .png
  • gmodule-2.0.dll
    .dll windows:6 windows x64 arch:x64

    7be49518f17af86e5ad757d6dfd9cdeb


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • go-first-rtl.png
    .png
  • historya.txt
  • huskattes.Eks
  • icon-cli.icns
    .html
  • icona.ico
  • insert-text-symbolic.symbolic.png
    .png
  • lang-1048.dll
    .dll windows:6 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • libbrotlicommon.dll
    .dll .js windows:4 windows x64 arch:x64 polyglot

    ccb34e02e5bd568f952db5cabbf3e2a1


    Headers

    Imports

    Exports

    Sections

  • libidn2-0.dll
    .dll windows:4 windows x64 arch:x64

    d5398a8e48f555623b64fa51c3a63ef3


    Headers

    Imports

    Exports

    Sections

  • libpangoft2-1.0-0.dll
    .dll windows:4 windows x64 arch:x64

    e2b5ce9af9db7862bd8d7d2956b0eda4


    Headers

    Imports

    Exports

    Sections

  • mail-mark-important-symbolic.symbolic.png
    .png
  • media-optical-symbolic.symbolic.png
    .png
  • msado25.tlb
    .dll windows:10 windows x64 arch:x64


    Headers

    Sections

  • network-no-route-symbolic.svg
  • network-wireless-encrypted.png
    .png
  • nsis.nsi
  • osclientcerts.dll
    .dll windows:6 windows x64 arch:x64

    6549ea5d3c631aad7568de7c5e388e1d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • preferences-desktop-peripherals.png
    .png
  • preferences-desktop-screensaver-symbolic.symbolic.png
    .png
  • preferences-system-parental-controls-symbolic.symbolic.png
    .png
  • printer-network-symbolic.symbolic.png
    .png
  • remember.c
  • ro.txt
  • sidebar-show-symbolic.symbolic.png
    .png
  • sk.txt
  • system-file-manager-symbolic.symbolic.png
    .png
  • tp2p100x.sys
    .html
  • uGenUDF.dll
    .dll windows:5 windows x86 arch:x86

    56d1885a9e829fe9269601d6673efae3


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • vmusbmouse.sys
    .html
  • xfixes-4.0.typelib
    .html
  • zoom-in.png
    .png