Overview

overview

7

Static

static

7

AxInterop.SHDocVw.dll

windows7-x64

1

AxInterop.SHDocVw.dll

windows10-2004-x64

1

Data/新云软件.url

windows7-x64

1

Data/新云软件.url

windows10-2004-x64

1

Interop.SHDocVw.dll

windows7-x64

1

Interop.SHDocVw.dll

windows10-2004-x64

1

LocoyAutoUpdate.exe

windows7-x64

1

LocoyAutoUpdate.exe

windows10-2004-x64

1

LocoyBugReport.exe

windows7-x64

1

LocoyBugReport.exe

windows10-2004-x64

1

LocoyChinese.dll

windows7-x64

1

LocoyChinese.dll

windows10-2004-x64

1

LocoyCommon.dll

windows7-x64

1

LocoyCommon.dll

windows10-2004-x64

1

LocoyDBOperator.dll

windows7-x64

1

LocoyDBOperator.dll

windows10-2004-x64

1

LocoyDatabase.exe

windows7-x64

1

LocoyDatabase.exe

windows10-2004-x64

1

LocoyFileD...er.dll

windows7-x64

1

LocoyFileD...er.dll

windows10-2004-x64

1

LocoyFullText.dll

windows7-x64

1

LocoyFullText.dll

windows10-2004-x64

1

LocoyListView.dll

windows7-x64

1

LocoyListView.dll

windows10-2004-x64

1

LocoyLog.dll

windows7-x64

1

LocoyLog.dll

windows10-2004-x64

1

LocoyModule.exe

windows7-x64

1

LocoyModule.exe

windows10-2004-x64

1

LocoyNotify.dll

windows7-x64

1

LocoyNotify.dll

windows10-2004-x64

1

LocoyPostGet.exe

windows7-x64

1

LocoyPostGet.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d6824db7a9b57b9eed6322906cdb99c_JaffaCakes118

  • Size

    6.9MB

  • MD5

    0d6824db7a9b57b9eed6322906cdb99c

  • SHA1

    34dedb068dad72899fbf17e2611e86088ddfd6b6

  • SHA256

    5518980510be79f425518145724d0e7f7564854667cdb8b7d9f6c0112401eebd

  • SHA512

    1dff5848012cdb25071c1c03ea250f1772106b2bee9539b5207b7d5d75c0cf2d7300bb6b425e14c7f8ca73578d70793b6df11b5e0d1dab8e332a84404623d92a

  • SSDEEP

    196608:hovXLc6gYRyjSq6vTKyygM8zsEda4SJtMzKD0/9+grd:8gA55vTKxgM+sEdDSJuKDgR

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Unsigned PE 27 IoCs

    Checks for missing Authenticode signature.

Files

  • 0d6824db7a9b57b9eed6322906cdb99c_JaffaCakes118
    .rar
  • AxInterop.SHDocVw.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Data/1-SP3_站长茶馆_fatfox/SpiderResult.mdb
  • Data/2-sp3-日韩新闻/SpiderResult.mdb
  • Data/3-DZ采集了回复/SpiderResult.mdb
  • Data/4-mm8性感美女/SpiderResult.mdb
  • Data/5-测试论坛附件下载/SpiderResult.mdb
  • Data/6-测试缩略图屏蔽和多页迅雷下载功能/SpiderResult.mdb
  • Data/7-图片站_okxr(分页+下载)/SpiderResult.mdb
  • Data/8-笑话/SpiderResult.mdb
  • Data/9-笑话大全_iq888(分词+拼音)/SpiderResult.mdb
  • Data/新云软件.url
    .url
  • Interop.SHDocVw.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyAutoUpdate.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • LocoyBugReport.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • LocoyChinese.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyCommon.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyDBOperator.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyDatabase.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • LocoyFileDownloader.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyFullText.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyListView.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyLog.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyModule.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • LocoyNotify.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyPostGet.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • LocoySpider.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • LocoySpider.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • LocoyTreeList.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyWebBrowser.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyWebCMS.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • LocoyWebThunderFlashGet.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • LocoyXMLOperator.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LocoyZip.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Logs/log.config
    .xml
  • Microsoft.mshtml.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Module/BBSXP 2007.cwr
  • Module/Bo-Blog 2.1.3 sp1.cwr
  • Module/DedeCMS 4.0.cwr
  • Module/DedeCms OX_4_0RC1_article.jhc
  • Module/Discuz 5.X.cwr
  • Module/Discuz! 6.0.0.cwr
  • Module/HBcms 0.9.X.cwr
  • Module/NB3.00.jhc
  • Module/PHP168 4.0前台登陆.cwr
  • Module/PHPCMS2007.jhc
  • Module/PHPWind 6.0.0RC.cwr
  • Module/PHPwind 5.3.cwr
  • Module/VeryCMS 3.0.cwr
  • Module/X-Space 3.0.2.cwr
  • Module/iwms网奇4.6.cwr
  • Module/phpcms2007_article.cwr
  • Module/powereasy2006.jhc
  • Module/更多模块在bbs.locoy.com模块区搜索.cwr
  • MySql.Data.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • PageUrl/Site_1.mdb
  • System/AutoUpdaterList.xml
    .xml
  • System/CmsTestLabel.xml
  • System/Config.mdb
  • System/DataSample.mdb
  • System/DatabaseTestLabel.xml
  • System/MachineCode.txt
  • System/PageUrlSample.mdb
  • System/TestModule.html
    .html .js polyglot
  • System/config.ini
  • System/encoding.txt
  • System/flow.jpg
    .jpg
  • System/html_tpl.html
    .html
  • System/logo.jpg
    .jpg
  • Temp/LoadRule.xml
  • Temp/gg1.gif
    .gif
  • Temp/gg2.gif
    .gif
  • help.chm
    .chm
  • log4net.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • mtapi.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • 使用必读.txt
  • 更新说明.txt