General

  • Target: f4cabc8a1afa32ea7740db263f11726e_JaffaCakes118
  • Size: 8.2MB
  • MD5: f4cabc8a1afa32ea7740db263f11726e
  • SHA1: 678ff5d3c231e2a782ffbc4416bcc10ad56194a5
  • SHA256: bee9851460352c671052facee90ee2bec0a18d1e7625fa4beccddc3f5bc654de
  • SHA512: 802327a758b13430538becaf64049ab27721fb5e9d75c4ae98b5a9ae28776aad5bfcef418c65c8e8469e77e1e7586d1b539d2754b1c6f1b12f2f539950072821
  • SSDEEP: 196608:wQNYZA70Wz2+lD1tRVmCJDuzDjFzmOH6QCM2BIJLHQYBaGYJI77x:tY657friDFmy6WgIJbQdGC87x

Score
3/10

Malware Config

Signatures

  • Unsigned PE (37 IoCs): Checks for missing Authenticode signature.

Files

  • f4cabc8a1afa32ea7740db263f11726e_JaffaCakes118
    .rar
  • HA_KylixRM-21_CZ.EXE
    .exe windows:4 windows x86 arch:x86
  • $PLUGINSDIR/installoptions.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 57354bdeea3dfae6e948101add87501a
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/killprocdll.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 815c88741b87a0210c457b00b57bf9c6
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsWeb.dll
    .dll windows:4 windows x86 arch:x86
    MD5: d12ed83df3a4aa87887f14a225ff95d4
  • $PLUGINSDIR/nsweb.dll
    .dll windows:4 windows x86 arch:x86
    MD5: d12ed83df3a4aa87887f14a225ff95d4
  • $PLUGINSDIR/startmenu.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 7d85f9c30f9e87a65fff848de2c96ac1
  • $PLUGINSDIR/system.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 4ec328f99bdd944fc98d8a5cf11f7a62
  • $PLUGINSDIR/textreplace.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 68af796cbe4fdd2d5baf33b0af9aa583
  • $PLUGINSDIR/time.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 5c9a5d5468ec62f250171c012eda3c26
  • $PROGRAM_FILES/Baidu/bar/TempData.KGB
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 6ccb2c8e98669e1c49478ccdae8356ae
  • $PROGRAM_FILES/Baidu/bar/baidubar.dat
  • $PROGRAM_FILES/Baidu/bar/baidubar.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 6ccb2c8e98669e1c49478ccdae8356ae
  • $PROGRAM_FILES/Baidu/bar/img/imglist.bmp
  • $PROGRAM_FILES/Baidu/bar/img/logo.bmp
  • $PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
    .exe windows:4 windows x86 arch:x86
    MD5: d31173ca8ec2d5e26170e3b96a28428f
  • $SYSDIR/comfocus.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 696b5dc1e295cfd42711a127361e7d24
  • $SYSDIR/drmclien.dll
    .dll regsvr32 windows:5 windows x86 arch:x86
    MD5: b6197c892b89fe5446bbc8173b22dadb
  • $SYSDIR/hasfocus.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 4cfe5195ed61033833b40b1419cd3af9
  • $SYSDIR/lame_enc.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 565a637bdfa41f757eca29de1ab5be3f
  • $SYSDIR/mp4lib.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 225cc0ff4ea2f8d78e17065da1056b24
  • $SYSDIR/msdmo.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 80729d97f70b0cfc03ed1d805d44a9ad
  • $SYSDIR/msdxm.ocx
    .dll regsvr32 windows:5 windows x86 arch:x86
    MD5: 679896098842047b8c2d59c2fff2c5ee
  • $SYSDIR/multimedia.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 5275809795a48e23ba8ba0d13f9e4505
  • $SYSDIR/setfocus.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 339a5b2cae78490bea1f63a72ac513c4
  • $SYSDIR/skinplusplusdll.dll
    .dll windows:4 windows x86 arch:x86
    MD5: b157ea70776fe0e927eda95383c735fa
  • $SYSDIR/sysfocus.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 5034136ac95e18de0f680cec48568ac4
  • $SYSDIR/wavdest.ax
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: ebc67b3b029519cab5f4a4924dad9fae
  • $SYSDIR/winfocus.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 450e40d3e3846c8a5f5b8ba2fd1bad78
  • $SYSDIR/wmasf.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 0b8061d79ca8b50cd8e040cb2c38aa0e
  • $SYSDIR/wmidx.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 216bf23e2d69715e4caf584a31a46fe1
  • $SYSDIR/wmvcore.dll
    .dll regsvr32 windows:5 windows x86 arch:x86
    MD5: f3b2594c4c3ce0782785e95fce6c17a4
  • $TEMP/Kylix Ringtone Maker Setup Part2/krmpart2.exe
    .exe windows:1 windows x86 arch:x86
  • Lang2052.DAT
    .exe windows:4 windows x86 arch:x86
    MD5: d31173ca8ec2d5e26170e3b96a28428f
  • blanco.ssk
  • buy now.url
  • chinese.lag
  • coolskye.ssk
  • dada - final.ssk
  • drmclien.dll
    .dll regsvr32 windows:5 windows x86 arch:x86
    MD5: b6197c892b89fe5446bbc8173b22dadb
  • english.lag
  • file,diz.thx
    .exe windows:4 windows x86 arch:x86

  • helpeng/contacts.htm
    .html
  • helpeng/faqs.htm
    .html
  • helpeng/get_started.htm
    .html
  • helpeng/getting_started.htm
    .html
  • helpeng/images/btn_back_large.gif
  • helpeng/images/btn_back_small.gif
  • helpeng/images/btn_convert.gif
  • helpeng/images/btn_cur.gif
  • helpeng/images/btn_end.gif
  • helpeng/images/btn_for_large.gif
  • helpeng/images/btn_for_small.gif
  • helpeng/images/btn_help.gif
  • helpeng/images/btn_mic.gif
  • helpeng/images/btn_open.gif
  • helpeng/images/btn_opt.gif
  • helpeng/images/btn_play.gif
  • helpeng/images/btn_reg.gif
  • helpeng/images/btn_save.gif
  • helpeng/images/btn_start.gif
  • helpeng/images/btn_stop.gif
  • helpeng/images/btn_stop_rec.gif
  • helpeng/images/btn_wave.gif
  • helpeng/images/btns_end.gif
  • helpeng/images/btns_start.gif
  • helpeng/images/main1.gif
  • helpeng/images/main1_small.gif
  • helpeng/images/main2.gif
  • helpeng/images/main2_small.gif
  • helpeng/images/main3.gif
  • helpeng/images/main3_small.gif
  • helpeng/images/main4.gif
  • helpeng/images/main4_small.gif
  • helpeng/images/main5.gif
  • helpeng/images/main5_small.gif
  • helpeng/images/main_wizard_ringtone.jpg
    .jpg
  • helpeng/images/options.gif
  • helpeng/images/registration.gif
  • helpeng/images/ringtone_converter.gif
  • helpeng/images/screenshots.rar
    .rar
  • main1.gif
  • main2.gif
  • main3.gif
  • main4.gif
  • main5.gif
  • helpeng/images/vol_play.gif
  • helpeng/images/vol_record.gif
  • helpeng/images/waveform.gif
  • helpeng/index.htm
    .html
  • helpeng/installation.htm
    .html
  • helpeng/introduction.htm
    .html
  • helpeng/menu.htm
    .html
  • helpeng/options.htm
    .html
  • helpeng/produce_ringtone.htm
    .html
  • helpeng/registration.htm
    .html
  • helpeng/requirements.htm
    .html
  • kylixsoft.url
  • license.txt
  • minimized.ssk
  • order.url
  • readme.txt
  • ringtonemaker.exe
    .exe windows:4 windows x86 arch:x86
    MD5: d06a52ba9fa883bce196f477ebd140c4

  • ringtonemaker.exe.manifest
    .xml
  • ringtonemaker.ini
  • ringtonemaker.rmf
  • softcrystal.ssk
  • software website.url
  • stealthos.ssk
  • topax.ssk
  • uninst.exe
    .exe windows:4 windows x86 arch:x86
  • $PLUGINSDIR/killprocdll.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 815c88741b87a0210c457b00b57bf9c6
  • $PLUGINSDIR/modern-header.bmp
  • $PROGRAM_FILES/Baidu/bar/TempData.KGB
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 6ccb2c8e98669e1c49478ccdae8356ae
  • $PROGRAM_FILES/Baidu/bar/baidubar.dat
  • $PROGRAM_FILES/Baidu/bar/img/imglist.bmp
  • $PROGRAM_FILES/Baidu/bar/img/logo.bmp
  • vladstudio.ssk
  • winfocus.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 450e40d3e3846c8a5f5b8ba2fd1bad78

  • xpcorona.ssk
  • ˵.txt
  • ⷴ.url
  • 下载说明.htm
    .html .js polyglot
  • 安装说明.txt
  • 非常世纪资源网.url
    .url