General

  • Target

    JaffaCakes118_dbfd67e807e62575f0f543aee6f869ade70a397c

  • Size

    528KB

  • MD5

    d8b7373cb54b34f3b725624365b1ee27

  • SHA1

    dbfd67e807e62575f0f543aee6f869ade70a397c

  • SHA256

    d54579acfb0e2fb0a84793e4606ca68604145561edc3546d1d8f94b56aea4c1b

  • SHA512

    ffc3a3a3e6718c8cd488b9150fe027f5747962b36c082d69860dcce65deef70fdca7eadf936746518cdeee2174fa8e7d4abebc423e20bb13a485a471b1537bbd

  • SSDEEP

    12288:VdijvDOg6psceaoJnx4URTVh2pwhdDHrU7Xowmyn/Jj:Np6aoJNNLL0Vma/Jj

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_dbfd67e807e62575f0f543aee6f869ade70a397c
    .zip

    Password: infected

  • f_00e1b2
    .zip
  • DLL/IA2Marshal.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    647a85e36e41699e332c1c106f975a6f


  • DLL/freebl3.dll
    .dll windows:6 windows x64 arch:x64

    8a564fee0e9aa5547525f921a1b23c12


  • Installer.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

