Overview

overview

7

Static

static

7

441edc06ed...18.exe

windows7-x64

7

441edc06ed...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

1

$PLUGINSDI...sh.dll

windows10-2004-x64

1

AddIn/VisLrc.dll

windows7-x64

3

AddIn/VisLrc.dll

windows10-2004-x64

3

AddIn/VisLrc.dll

windows7-x64

7

AddIn/VisLrc.dll

windows10-2004-x64

7

Codecs/Col...er.dll

windows7-x64

1

Codecs/Col...er.dll

windows10-2004-x64

1

Codecs/Rea...er.dll

windows7-x64

1

Codecs/Rea...er.dll

windows10-2004-x64

1

Codecs/asf...er.dll

windows7-x64

1

Codecs/asf...er.dll

windows10-2004-x64

1

Codecs/atrc.dll

windows7-x64

1

Codecs/atrc.dll

windows10-2004-x64

1

Codecs/cook.dll

windows7-x64

1

Codecs/cook.dll

windows10-2004-x64

1

Codecs/drvc.dll

windows7-x64

1

Codecs/drvc.dll

windows10-2004-x64

1

Codecs/raac.dll

windows7-x64

1

Codecs/raac.dll

windows10-2004-x64

1

Lang/en_US.dll

windows7-x64

1

Lang/en_US.dll

windows10-2004-x64

1

Lang/zh_TW.dll

windows7-x64

1

Lang/zh_TW.dll

windows10-2004-x64

1

NetAgent.dll

windows7-x64

1

NetAgent.dll

windows10-2004-x64

3

QvodInsert.dll

windows7-x64

1

QvodInsert.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    441edc06edc9a7c34e587cf3b25ee546_JaffaCakes118

  • Size

    1.7MB

  • MD5

    441edc06edc9a7c34e587cf3b25ee546

  • SHA1

    d1641f4c5937460fefef5ef9dca4fbce31923320

  • SHA256

    1f2405740435571205a1a46fb269655fd16c471c339e9955497d9d4269f384b7

  • SHA512

    2a72784b30ca9a0e18bedbd90e0188c5c74867868196f1a7a6c517f6eaa7d159f398a465bfa075d5fbed74a858777f0729383f65f3af5897c8026f63ba9a7b2d

  • SSDEEP

    49152:KJ0c+hkSNbLjlFYa9QMLA5j4YcGb1S6w5WW:gxalbLjHY4Qjl1u

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 15 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • 441edc06edc9a7c34e587cf3b25ee546_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/NewAdvSplash.dll
    .dll windows:4 windows x86 arch:x86

    eee37c14e102da3f62385f9796c701ce


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/shanping.jpg
    .jpg
  • AddIn/VisLrc.dll
    .dll windows:4 windows x86 arch:x86

    405f85e6c10ba505edbac8ea83c4ca8c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • AddIn/VisLrc.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • Codecs/ColorFilter.ax
    .dll regsvr32 windows:4 windows x86 arch:x86

    d6358db2b2f2325d29c23c3433a0656f


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Codecs/RealMediaSplitter.ax
    .dll regsvr32 windows:4 windows x86 arch:x86

    092c362fafa1e9277558c0e5612fdfba


    Headers

    Imports

    Exports

    Sections

  • Codecs/asfsplliter.ax
    .dll regsvr32 windows:4 windows x86 arch:x86

    61540ae4d5f1fe29babe6b430f77a241


    Headers

    Imports

    Exports

    Sections

  • Codecs/atrc.dll
    .dll windows:4 windows x86 arch:x86

    5132cde9ac8899a69f40dfaacc320c4d


    Headers

    Imports

    Exports

    Sections

  • Codecs/cook.dll
    .dll windows:4 windows x86 arch:x86

    7186ef18b8145b9efacd73914d40cee0


    Headers

    Imports

    Exports

    Sections

  • Codecs/drvc.dll
    .dll windows:4 windows x86 arch:x86

    5d841dc9603dda4e7058b842c1dedbfc


    Headers

    Imports

    Exports

    Sections

  • Codecs/f4v.swf
  • Codecs/raac.dll
    .dll windows:4 windows x86 arch:x86

    2569b16af6a5e82c06ef6aed87f5e148


    Headers

    Imports

    Exports

    Sections

  • Lang/en_US.dll
    .dll windows:4 windows x86 arch:x86

    5c54715227e960c5019e7a45d4b9d02a


    Headers

    Imports

    Sections

  • Lang/zh_TW.dll
    .dll windows:4 windows x86 arch:x86

    5c54715227e960c5019e7a45d4b9d02a


    Headers

    Imports

    Sections

  • NetAgent.dll
    .dll windows:4 windows x86 arch:x86

    f618d4cb4d41a461355f2eab6ae077ff


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Playlist/Channel.xml
  • Playlist/Mediacenter.xml
  • Playlist/Playlist.xml
  • Playlist/QvodSearch.xml
    .xml
  • Playlist/Qvodhash.xml
    .xml
  • Playlist/Text.xml
    .xml
  • QvodCfg.ini
  • QvodInsert.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    b56249f6a8367bd8180830f0dae71472


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • QvodPlayer.exe
    .exe windows:4 windows x86 arch:x86

    2abfce40897f3cfc19cfe1b196778076


    Code Sign

    Headers

    Imports

    Sections

  • QvodPlayer.xml
  • QvodTerminal.exe
    .exe windows:4 windows x86 arch:x86

    ab3720bea80ad42dc7af1b82fad3592a


    Code Sign

    Headers

    Imports

    Sections

  • Skin/Logo.bmp
  • Skin/new_yryh.xml
    .xml
  • Skin/new_yryh/back1.bmp
  • Skin/new_yryh/back_mid.bmp
  • Skin/new_yryh/bottom.bmp
  • Skin/new_yryh/bottomleft.bmp
  • Skin/new_yryh/bottomright.bmp
  • Skin/new_yryh/caption.bmp
  • Skin/new_yryh/captionright.bmp
  • Skin/new_yryh/close.bmp
  • Skin/new_yryh/full.bmp
  • Skin/new_yryh/icon.bmp
  • Skin/new_yryh/ie_back_mid.bmp
  • Skin/new_yryh/ie_infofull.bmp
  • Skin/new_yryh/info.bmp
  • Skin/new_yryh/infofull.bmp
  • Skin/new_yryh/left.bmp
  • Skin/new_yryh/left_bottom.bmp
  • Skin/new_yryh/listbutton.bmp
  • Skin/new_yryh/listbutton2.bmp
  • Skin/new_yryh/max.bmp
  • Skin/new_yryh/media_files.bmp
  • Skin/new_yryh/media_files_2.bmp
  • Skin/new_yryh/media_info.bmp
  • Skin/new_yryh/media_search.bmp
  • Skin/new_yryh/media_sham.bmp
  • Skin/new_yryh/media_sham_2.bmp
  • Skin/new_yryh/media_websearch.bmp
  • Skin/new_yryh/mediaback.bmp
  • Skin/new_yryh/mediaeditdel.bmp
  • Skin/new_yryh/mediare.bmp
  • Skin/new_yryh/mediatolist.bmp
  • Skin/new_yryh/mediatree.bmp
  • Skin/new_yryh/menu.bmp
  • Skin/new_yryh/min.bmp
  • Skin/new_yryh/mtk.bmp
  • Skin/new_yryh/mute.bmp
  • Skin/new_yryh/mute2.bmp
  • Skin/new_yryh/next.bmp
  • Skin/new_yryh/nowplay.bmp
  • Skin/new_yryh/open.bmp
  • Skin/new_yryh/pause.bmp
  • Skin/new_yryh/play.bmp
  • Skin/new_yryh/playlist_toolbar.bmp
  • Skin/new_yryh/playlisticon.bmp
  • Skin/new_yryh/pre.bmp
  • Skin/new_yryh/processp.bmp
  • Skin/new_yryh/processp_left.bmp
  • Skin/new_yryh/processp_right.bmp
  • Skin/new_yryh/progress.bmp
  • Skin/new_yryh/progress_point_a.bmp
  • Skin/new_yryh/progress_point_b.bmp
  • Skin/new_yryh/progress_thumb.bmp
  • Skin/new_yryh/reold.bmp
  • Skin/new_yryh/right.bmp
  • Skin/new_yryh/right_bottom.bmp
  • Skin/new_yryh/scroll_back.bmp
  • Skin/new_yryh/scroll_back_h.bmp
  • Skin/new_yryh/scroll_down.bmp
  • Skin/new_yryh/scroll_left.bmp
  • Skin/new_yryh/scroll_limit.bmp
  • Skin/new_yryh/scroll_limit_h.bmp
  • Skin/new_yryh/scroll_right.bmp
  • Skin/new_yryh/scroll_up.bmp
  • Skin/new_yryh/search_botton.bmp
  • Skin/new_yryh/search_botton_2.bmp
  • Skin/new_yryh/search_full.bmp
  • Skin/new_yryh/stop.bmp
  • Skin/new_yryh/tab.bmp
  • Skin/new_yryh/tab1.bmp
  • Skin/new_yryh/tab_search_fill.bmp
  • Skin/new_yryh/tabs_left.bmp
  • Skin/new_yryh/tabs_mid.bmp
  • Skin/new_yryh/tabs_right.bmp
  • Skin/new_yryh/top.bmp
  • Skin/new_yryh/topleft.bmp
  • Skin/new_yryh/topright.bmp
  • Skin/new_yryh/volume.bmp
  • Skin/new_yryh/volumeb.bmp
  • Skin/new_yryh/volumep.bmp
  • Viewdata/ĿƼ.swf
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc


    Headers

    Imports

    Exports

    Sections