5ab27f1cfc5dc151c8d6a3a2b3d55726_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ab27f1cfc5dc151c8d6a3a2b3d55726_JaffaCakes118
Size

3.5MB
MD5

5ab27f1cfc5dc151c8d6a3a2b3d55726
SHA1

8281a0475ceb0f8616a2392a4b2860d111e327ea
SHA256

9cdd999ff02090e3732b1b9593adabb2c33b28c5cecb71bda98cc2e83efaa73f
SHA512

a8619afeffd8caaa38b24dffef8fbe52f28d82c7abfc1d077005e9c2ba827e5057d091e6733a8370dd7ae9ae3af9d65010ad7a170a4ef843ee80e0cc8563bd8e
SSDEEP

98304:D/+/dCfrxzBIZ5+M6BTS/BOk7moWM6Wjy0A7R:T+lCfC+Z2/3qMnFKR

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bin/Socut.Class.dll
unpack001/Bin/Socut.Data.dll

Files

5ab27f1cfc5dc151c8d6a3a2b3d55726_JaffaCakes118
.rar
Admin/Config.ascx
.js
Admin/FileList.ascx
Admin/GroupEdit.ascx
.js
Admin/GroupList.ascx
Admin/LessonAdd.ascx
Admin/LessonAdd1.ascx
.js
Admin/LessonAdd2.ascx
.js
Admin/LessonAdd3.ascx
.js
Admin/LessonFolder.ascx
.js
Admin/LessonList.ascx
.js
Admin/LessonListEdit.ascx
Admin/NewsAdd.ascx
.js
Admin/NewsList.ascx
Admin/PageAdd.ascx
.js
Admin/PageList.ascx
Admin/PageSubjectAdd.ascx
.js
Admin/PageSubjectList.ascx
Admin/RoomAdd.ascx
.js
Admin/RoomList.ascx
Admin/RoomSubject.ascx
.js
Admin/Upload.ascx
.js
Admin/UserChange.ascx
.js
Admin/UserList.ascx
.js
Admin/VIPList.ascx
.js
Admin/VIPopen.ascx
.js
Admin/cache.ascx
Admin/新云软件.url
.url
Ajax.aspx
Bin/Socut.Class.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\MY\Web\Socut.Class\Socut.Class\obj\Release\Socut.Class.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Socut.Data.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\MY\Web\Socut.Data\obj\Release\Socut.Data.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/Socut.mdb
Default.aspx
.asp
Images/3.gif
.gif
Images/4.gif
.gif
Images/Face/00.gif
Images/Face/01.gif
Images/Face/02.gif
Images/Face/03.gif
Images/Face/04.gif
Images/Face/05.gif
Images/Face/06.gif
Images/Face/07.gif
Images/Face/08.gif
Images/Face/09.gif
Images/Face/10.gif
Images/Face/11.gif
Images/Face/12.gif
Images/Face/13.gif
Images/Face/14.gif
Images/Face/15.gif
Images/Face/16.gif
Images/Face/17.gif
Images/Face/18.gif
Images/Face/19.gif
Images/Face/20.gif
Images/Face/21.gif
Images/Face/22.gif
Images/Face/23.gif
Images/Face/24.gif
Images/Face/25.gif
Images/Face/26.gif
Images/Face/27.gif
Images/Face/28.gif
Images/Face/29.gif
Images/Face/30.gif
Images/Face/31.gif
Images/Face/32.gif
Images/Face/33.gif
Images/Face/34.gif
Images/Face/35.gif
Images/Face/36.gif
Images/Face/37.gif
Images/Face/38.gif
Images/Face/39.gif
Images/Face/40.gif
Images/Face/41.gif
Images/Face/42.gif
Images/Face/43.gif
Images/Face/44.gif
Images/Face/45.gif
Images/Face/46.gif
Images/Face/47.gif
Images/Face/48.gif
Images/Face/49.gif
Images/Face/50.gif
Images/Face/51.gif
Images/Face/52.gif
Images/Face/53.gif
Images/Face/54.gif
Images/Face/55.gif
Images/Face/56.gif
Images/Face/57.gif
Images/Face/58.gif
Images/Face/59.gif
Images/Face/60.gif
Images/Face/61.gif
Images/Face/62.gif
Images/Face/63.gif
Images/Face/Thumbs.db
Images/LOGO/Thumbs.db
Images/LOGO/orz6_com.gif
.gif
Images/LOGO/socut_com.gif
.gif
Images/Player/0.png
.png
Images/Player/1.png
.png
Images/Player/2.png
.png
Images/Player/3.png
.png
Images/Player/Thumbs.db
Images/T/0page.gif
.gif
Images/T/0ppt.gif
.gif
Images/T/Thumbs.db
Images/T/base.gif
.gif
Images/T/empty.gif
.gif
Images/T/folder.gif
.gif
Images/T/folderopen.gif
.gif
Images/T/join.gif
.gif
Images/T/joinbottom.gif
.gif
Images/T/line.gif
.gif
Images/T/minus.gif
.gif
Images/T/minusbottom.gif
.gif
Images/T/nolines_minus.gif
.gif
Images/T/nolines_plus.gif
.gif
Images/T/page.gif
.gif
Images/T/plus.gif
.gif
Images/T/plusbottom.gif
.gif
Images/T/ppt.gif
.gif
Images/T/spacer.gif
.gif
Images/T/video.gif
.gif
Images/Thumbs.db
Images/alert.gif
.gif
Images/ask.gif
.gif
Images/ask0.gif
.gif
Images/ask1.gif
.gif
Images/asklist.gif
.gif
Images/bank.swf
Images/choose.gif
.gif
Images/common.gif
.gif
Images/del.gif
.gif
Images/edit.gif
.gif
Images/group_0.gif
.gif
Images/group_1.gif
.gif
Images/learn.gif
.gif
Images/logo.gif
.gif
Images/no.gif
.gif
Images/off.gif
.gif
Images/ok.gif
.gif
Images/on.gif
.gif
Images/read.gif
.gif
Images/space.gif
.gif
Images/top0.gif
.gif
Images/top1.gif
.gif
Inc/Admin.Lesson.js
.js
Inc/Admin.LessonFolder.js
.js
Inc/Admin.css
Inc/Check.Login.js
.js
Inc/Check.Reg.js
.js
Inc/Checkbox.js
.js
Inc/ColorTable.js
.js
Inc/DatePicker/My97DatePicker.htm
.html .js polyglot
Inc/DatePicker/WdatePicker.js
.js
Inc/DatePicker/calendar.js
.js
Inc/DatePicker/config.js
.js
Inc/DatePicker/lang/en.js
.js
Inc/DatePicker/lang/zh-cn.js
.js
Inc/DatePicker/lang/zh-tw.js
.js
Inc/DatePicker/skin/WdatePicker.css
Inc/DatePicker/skin/datePicker.gif
.gif
Inc/DatePicker/skin/default/datepicker.css
Inc/DatePicker/skin/default/img.gif
.gif
Inc/DatePicker/skin/whyGreen/bg.jpg
.jpg
Inc/DatePicker/skin/whyGreen/datepicker.css
Inc/DatePicker/skin/whyGreen/img.gif
.gif
Inc/KindEditor/examples/index.css
Inc/KindEditor/kindeditor.js
.js
Inc/KindEditor/plugins/about.html
.html .js polyglot
Inc/KindEditor/plugins/emoticons/etc_01.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_02.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_03.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_04.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_05.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_06.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_07.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_08.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_09.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_10.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_11.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_12.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_13.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_14.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_15.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_16.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_17.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_18.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_19.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_20.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_21.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_22.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_23.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_24.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_25.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_26.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_27.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_28.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_29.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_30.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_31.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_32.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_33.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_34.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_35.gif
.gif
Inc/KindEditor/plugins/emoticons/etc_36.gif
.gif
Inc/KindEditor/plugins/file_manager/file_manager.css
Inc/KindEditor/plugins/file_manager/file_manager.html
.html
Inc/KindEditor/plugins/file_manager/file_manager.js
.js
Inc/KindEditor/plugins/file_manager/images/file-16.gif
.gif
Inc/KindEditor/plugins/file_manager/images/file-64.gif
.gif
Inc/KindEditor/plugins/file_manager/images/folder-16.gif
.gif
Inc/KindEditor/plugins/file_manager/images/folder-64.gif
.gif
Inc/KindEditor/plugins/file_manager/images/go-up.gif
.gif
Inc/KindEditor/plugins/flash.html
.html .js polyglot
Inc/KindEditor/plugins/image/image.html
.html .js polyglot
Inc/KindEditor/plugins/image/images/align_bottom.gif
.gif
Inc/KindEditor/plugins/image/images/align_left.gif
.gif
Inc/KindEditor/plugins/image/images/align_middle.gif
.gif
Inc/KindEditor/plugins/image/images/align_right.gif
.gif
Inc/KindEditor/plugins/image/images/align_top.gif
.gif
Inc/KindEditor/plugins/image/images/refresh.gif
.gif
Inc/KindEditor/plugins/link/link.html
.html .js polyglot
Inc/KindEditor/plugins/media.html
.html .js polyglot
Inc/KindEditor/plugins/plainpaste.html
.html .js polyglot
Inc/KindEditor/plugins/wordpaste.html
.html .js polyglot
Inc/KindEditor/skins/common/blank.gif
.gif
Inc/KindEditor/skins/common/editor.css
Inc/KindEditor/skins/common/flash.gif
.gif
Inc/KindEditor/skins/common/loading.gif
.gif
Inc/KindEditor/skins/common/media.gif
.gif
Inc/KindEditor/skins/common/rm.gif
.gif
Inc/KindEditor/skins/oxygen.css
Inc/KindEditor/skins/oxygen/oxygen.gif
.gif
Inc/KindEditor/skins/oxygen/oxygen.png
.png
Inc/KindEditor/skins/tinymce.css
Inc/KindEditor/skins/tinymce/tinymce.gif
.gif
Inc/KindEditor/skins/tinymce/tinymce.png
.png
Inc/Lesson.FLV.html
Inc/Lesson.PPT.Player.html
Inc/Lesson.PPT.html
Inc/Lesson.js
.js
Inc/Lesson1.Video.html
Inc/Licence.aspx
Inc/PPT.js
.js
Inc/Post.js
.js
Inc/Search.js
.js
Inc/Slide.js
.js
Inc/SlideLesson.js
.js
Inc/Socut.js
.js
Inc/Tree.js
.js
Inc/User.css
Inc/VIPgo.js
.js
Inc/iframe.js
Inc/kindeditor.css
Inc/kindeditor.js
.js
Inc/mootools/mootools-1.2.4-core-yc.js
.js
Inc/mootools/mootools-1.2.4.2-more.js
.js
Inc/online.js
.js
Inc/player.swf
Inc/tree.css
Inc/vcastr/beginEndImagePlugIn.swf
Inc/vcastr/javaScriptPlugIn.swf
Inc/vcastr/logoPlugIn.swf
Inc/vcastr/readme.txt
Inc/vcastr/vcastr.xml
Inc/vcastr/vcastr3.html
Inc/vcastr/vcastr3.swf
Inc/vcastr/vcastr3_w3c.html
Inc/vcastr/vcastr3_xml.html
Inc/vcastr/vcastr_javaScript_example.html
Language/ZH-CN/Admin.xml
Language/ZH-CN/User.xml
Room/Home.ascx
Room/Lesson.ascx
.js
Room/List.ascx
Room/News.ascx
Room/Page.ascx
Room/PageList.ascx
.html
Room/QuestionList.ascx
Room/QuestionView.ascx
.js
Room/Search.ascx
Room/Tips.ascx
Skin/1/$Css.css
Skin/1/$Default.html
.html
Skin/1/$Home_PageList.html
Skin/1/$Home_VIPList.html
Skin/1/$Images/$Css.css
Skin/1/$Images/$Lesson.jpg
.jpg
Skin/1/$Images/$Upload.css
Skin/1/$Images/$at.gif
.gif
Skin/1/$Images/$free.jpg
.jpg
Skin/1/$Images/$vip.jpg
.jpg
Skin/1/$Images/Thumbs.db
Skin/1/$Images/bg.gif
.gif
Skin/1/$Images/box.js
.js
Skin/1/$Images/css.css
Skin/1/$Images/dd.gif
.gif
Skin/1/$Images/icon0.gif
.gif
Skin/1/$Images/icon1.gif
.gif
Skin/1/$Images/icon10.gif
.gif
Skin/1/$Images/icon11.gif
.gif
Skin/1/$Images/icon12.gif
.gif
Skin/1/$Images/icon2.gif
.gif
Skin/1/$Images/icon3.gif
.gif
Skin/1/$Images/icon4.gif
.gif
Skin/1/$Images/icon5.gif
.gif
Skin/1/$Images/icon6.gif
.gif
Skin/1/$Images/icon7.gif
.gif
Skin/1/$Images/icon8.gif
.gif
Skin/1/$Images/icon9.gif
.gif
Skin/1/$Images/input.gif
.gif
Skin/1/$Images/link/003.gif
.gif
Skin/1/$Images/link/004.gif
.gif
Skin/1/$Images/link/007.gif
.gif
Skin/1/$Images/link/017.gif
.gif
Skin/1/$Images/link/022.gif
.gif
Skin/1/$Images/link/Thumbs.db
Skin/1/$Images/link/link.gif
.gif
Skin/1/$Images/loading.gif
.gif
Skin/1/$Images/logo.gif
.gif
Skin/1/$Images/photo/00.jpg
.jpg
Skin/1/$Images/photo/000.jpg
.jpg
Skin/1/$Images/photo/01.jpg
.jpg
Skin/1/$Images/photo/Thumbs.db
Skin/1/$Images/photo/image.gif
.gif
Skin/1/$Images/topbg.jpg
.jpg
Skin/1/$Images/topbg0.jpg
.jpg
Skin/1/$Images/vip.gif
.gif
Skin/1/$Room_List_1.html
.html
Skin/1/$Room_List_2.html
Skin/1/$Welcome_1.html
Skin/1/$Welcome_2.html
UP/0912/21/1818513900.jpg
.jpg
UP/0912/21/1818513901.jpg
.jpg
UP/0912/21/1818513902.jpg
.jpg
UP/0912/21/1819173900.jpg
.jpg
UP/0912/21/1819173901.jpg
.jpg
UP/0912/21/Thumbs.db
UP/0912/22/2122029840.jpg
.jpg
UP/0912/22/2122029841.jpg
.gif
UP/0912/22/21234100.jpg
.jpg
UP/0912/22/21234101.jpg
.jpg
UP/0912/22/21234102.jpg
.jpg
UP/0912/22/2124488590.gif
.gif
UP/0912/22/2124488591.gif
.gif
UP/0912/22/2124488592.png
.png
UP/0912/22/Thumbs.db
UP/0912/23/2004364370.flv
UP/0912/31/1443412030.gif
.gif
User/Alert.ascx
User/Ask.ascx
.js
User/Change.ascx
.js
User/Desk.ascx
User/Info.ascx
User/Pass.ascx
.js
User/Question.ascx
User/Reg.ascx
User/Room.ascx
User/login.ascx
Web.config
index.html
login.html
.html .js polyglot
升级程序/升级说明.txt
安装方法/1.IIS安装(示意图).gif
.gif
安装方法/2.新建虚拟目录.jpg
.jpg
安装方法/3.设置目录写入权限.jpg
.jpg
安装方法/Thumbs.db
安装方法/如果还不懂，请到这里下载视频教程.htm
安装方法/详细步骤.txt
用户手册/Thumbs.db
用户手册/logo源文件，修改后覆盖到skin目录.psd
用户手册/常见问题.txt
用户手册/改进记录.txt
用户手册/联系作者.txt
用户手册/音频说明.ra
系统介绍.txt

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 133KB - Virtual size: 133KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 7KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 133KB - Virtual size: 133KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B