General

  • Target

    5bd2432df4a5a6a4ff0b7a2c579f7a43_JaffaCakes118

  • Size

    2.9MB

  • MD5

    5bd2432df4a5a6a4ff0b7a2c579f7a43

  • SHA1

    390d257a9115eeb22e0ea087726ee02223439a79

  • SHA256

    fc94db5b7a5ab083b2f3578c8e48b03a57d128dafc325d880c2293c0c4f6f2fa

  • SHA512

    0a1ea58fef683333e22226c679c39de96037a3f1993d346d3f908101d6a1d9ff055a4996d423b6b9640c5de0b7e769208e269e247d7486a177adcaa0a7a9639f

  • SSDEEP

    49152:W5Xe2U2qMg0cI7RjbXPBVlJic2OAK3UNTGA/SOrqOFgFplHFvaffJLCa:eXeZMyWbXZJi2ENDKQjFgHlHRw

Score
3/10

Malware Config

Signatures

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs

Files

  • 5bd2432df4a5a6a4ff0b7a2c579f7a43_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b

  • $PLUGINSDIR/dirrequest.ini
  • $PLUGINSDIR/finishpage.ini
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/shortcuts.ini
  • $R0
    .dll regsvr32 windows:4 windows x86 arch:x86

    5bdb0074cd7e342ecebede7bb77cb2fb

  • $R2/NSIS.Library.RegTool.v3.$_13_.exe
    .exe windows:4 windows x86 arch:x86

    a56a9c58ddb2b2da8fde66551747ce70

  • $TEMP/CloudAssist.exe
    .exe windows:4 windows x86 arch:x86

    c9eeed69e07eb601cfd01dadcfe86033

  • $TEMP/CloudExtractExpandInfo.exe
    .exe windows:4 windows x86 arch:x86

    2cba83ba4bbcfb38e19cd88bca1cbd64

  • $TEMP/CloudServer.exe
    .exe windows:4 windows x86 arch:x86

    17de4b7c3b2f57feae8522764ffc4798

  • $TEMP/CloudTool.exe
    .exe windows:4 windows x86 arch:x86

    45c2417c744386b25ce6d4e558f02974

  • $TEMP/LongRADrv.sys
    .sys windows:5 windows x86 arch:x86

    0e91e4b075c3df52b55d07c3e4b09e05

  • $TEMP/LongRADrv2K.sys
    .sys windows:5 windows x86 arch:x86

    6dfe0fe2a951b7a88aac8d7a48c3c8e4

  • 7zxr.dll
    .dll windows:4 windows x86 arch:x86

    99348a3a2c8e41aeb2829d97bc176e99

  • Cloud.exe.Manifest
    .xml
  • CloudAssist.exe
    .exe windows:4 windows x86 arch:x86

    c9eeed69e07eb601cfd01dadcfe86033

  • CloudFun.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    5bdb0074cd7e342ecebede7bb77cb2fb

  • CloudFun2.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    5bdb0074cd7e342ecebede7bb77cb2fb

  • CloudServer.exe
    .exe windows:4 windows x86 arch:x86

    17de4b7c3b2f57feae8522764ffc4798

  • CloudServer.exe.Manifest
  • Dock_UI/other/ShareFailedTips.png
    .png
  • Dock_UI/other/ShareTips.png
    .png
  • Dock_UI/other/defaultclassmovetips.PNG
    .png
  • Dock_UI/other/learntoopenWebTips.png
    .png
  • Dock_UI/other/pack_tips.png
    .png
  • Dock_UI/xmenu-skins/C ת1.png
    .png
  • Dock_UI/xmenu-skins/C ת10.png
    .png
  • Dock_UI/xmenu-skins/C ת2.png
    .png
  • Dock_UI/xmenu-skins/C ת3.png
    .png
  • Dock_UI/xmenu-skins/C ת4.png
    .png
  • Dock_UI/xmenu-skins/C ת5.png
    .png
  • Dock_UI/xmenu-skins/C ת6.png
    .png
  • Dock_UI/xmenu-skins/C ת7.png
    .png
  • Dock_UI/xmenu-skins/C ת8.png
    .png
  • Dock_UI/xmenu-skins/C ת9.png
    .png
  • Dock_UI/xmenu-skins/C .png
    .png
  • Dock_UI/xmenu-skins/C .png
    .png
  • Dock_UI/xmenu-skins/C .png
    .png
  • Dock_UI/xmenu-skins/win7СC.png
    .png
  • Dock_UI/xmenu-skins/win7С.png
    .png
  • Dock_UI/xmenu-skins/win7С.png
    .png
  • Dock_UI/xmenu-skins/win7C.png
    .png
  • Dock_UI/xmenu-skins/win7C__.png
    .png
  • Dock_UI/xmenu-skins/win7C__.png
    .png
  • Dock_UI/xmenu-skins/win7.png
    .png
  • Dock_UI/xmenu-skins/win7.png
    .png
  • Dock_UI/xmenu-skins/СC_1.png
    .png
  • Dock_UI/xmenu-skins/СC_10.png
    .png
  • Dock_UI/xmenu-skins/СC_2.png
    .png
  • Dock_UI/xmenu-skins/СC_3.png
    .png
  • Dock_UI/xmenu-skins/СC_4.png
    .png
  • Dock_UI/xmenu-skins/СC_5.png
    .png
  • Dock_UI/xmenu-skins/СC_6.png
    .png
  • Dock_UI/xmenu-skins/СC_7.png
    .png
  • Dock_UI/xmenu-skins/СC_8.png
    .png
  • Dock_UI/xmenu-skins/СC_9.png
    .png
  • Dock_UI/xmenu-skins/_01.png
    .png
  • Dock_UI/xmenu-skins/_02.png
    .png
  • Dock_UI/xmenu-skins/_03.png
    .png
  • Dock_UI/xmenu-skins/_C.png
    .png
  • Dock_UI/xmenu-skins/ʾ.png
    .png
  • Dock_UI/xmenu-skins/ļʾ.png
    .png
  • Dock_UI/xmenu-skins/ļʾ.png
    .png
  • Dock_UI/xmenu-skins/ļʾ.png
    .png
  • Dock_UI/xmenu-skins/_01.png
    .png
  • Dock_UI/xmenu-skins/_02.png
    .png
  • Dock_UI/xmenu-skins/_03.png
    .png
  • Dock_UI/xmenu-skins/_C.png
    .png
  • Dock_UI/xmenu-skins/C_1.png
    .png
  • Dock_UI/xmenu-skins/C_10.png
    .png
  • Dock_UI/xmenu-skins/C_2.png
    .png
  • Dock_UI/xmenu-skins/C_3.png
    .png
  • Dock_UI/xmenu-skins/C_4.png
    .png
  • Dock_UI/xmenu-skins/C_5.png
    .png
  • Dock_UI/xmenu-skins/C_6.png
    .png
  • Dock_UI/xmenu-skins/C_7.png
    .png
  • Dock_UI/xmenu-skins/C_8.png
    .png
  • Dock_UI/xmenu-skins/C_9.png
    .png
  • Dock_UI/xmenu-skins/һιرʱ .png
    .png
  • Dock_UI/xmenu-skins/һιرʱ .png
    .png
  • Dock_UI/xmenu-skins/һιرʱ .png
    .png
  • Dock_UI/xmenu-skins/һιرʱ .png
    .png
  • Dock_UI/xmenu-skins/һлģʽ .png
    .png
  • Dock_UI/xmenu-skins/һлģʽ .png
    .png
  • Dock_UI/xmenu-skins/һлģʽ .png
    .png
  • Dock_UI/xmenu-skins/һлģʽ .png
    .png
  • Dock_UI/xmenu-skins/䰴_01.png
    .png
  • Dock_UI/xmenu-skins/䰴_02.png
    .png
  • Dock_UI/xmenu-skins/䰴_03.png
    .png
  • Dock_UI/xmenu-skins/䴥_01.png
    .png
  • Dock_UI/xmenu-skins/䴥_02.png
    .png
  • Dock_UI/xmenu-skins/䴥_03.png
    .png
  • Dock_UI/xmenu-skins/C ת1.png
    .png
  • Dock_UI/xmenu-skins/C ת10.png
    .png
  • Dock_UI/xmenu-skins/C ת2.png
    .png
  • Dock_UI/xmenu-skins/C ת3.png
    .png
  • Dock_UI/xmenu-skins/C ת4.png
    .png
  • Dock_UI/xmenu-skins/C ת5.png
    .png
  • Dock_UI/xmenu-skins/C ת6.png
    .png
  • Dock_UI/xmenu-skins/C ת7.png
    .png
  • Dock_UI/xmenu-skins/C ת8.png
    .png
  • Dock_UI/xmenu-skins/C ת9.png
    .png
  • Dock_UI/xmenu-skins/C .png
    .png
  • Dock_UI/xmenu-skins/C .png
    .png
  • Dock_UI/xmenu-skins/C .png
    .png
  • Dock_UI/xmenu-skins/_01.png
    .png
  • Dock_UI/xmenu-skins/_02.png
    .png
  • Dock_UI/xmenu-skins/_03.png
    .png
  • Dock_UI/xmenu-skins/ 1.png
    .png
  • Dock_UI/xmenu-skins/ 10.png
    .png
  • Dock_UI/xmenu-skins/ 2.png
    .png
  • Dock_UI/xmenu-skins/ 3.png
    .png
  • Dock_UI/xmenu-skins/ 4.png
    .png
  • Dock_UI/xmenu-skins/ 5.png
    .png
  • Dock_UI/xmenu-skins/ 6.png
    .png
  • Dock_UI/xmenu-skins/ 7.png
    .png
  • Dock_UI/xmenu-skins/ 8.png
    .png
  • Dock_UI/xmenu-skins/ 9.png
    .png
  • Dock_UI/xmenu-skins/_01.png
    .png
  • Dock_UI/xmenu-skins/_02.png
    .png
  • Dock_UI/xmenu-skins/_03.png
    .png
  • Dock_UI/xmenu-skins/_C.png
    .png
  • FTKTCPxAPI.dll
    .dll windows:4 windows x86 arch:x86

    76fc8bf5f51c985d2948e6afb87def9d

  • FTKUDPxAPI.dll
    .dll windows:4 windows x86 arch:x86

    dfb52a518a2987b227ce2949c6857a2a

  • FTKernelAPI.dll
    .dll windows:4 windows x86 arch:x86

    a5c5fc1819b716b406a6a467f62181b7

  • GdiPlus.dll
    .dll windows:6 windows x86 arch:x86

    5c3e3e3c6795c2a59bbb9fb0c591387f

  • LongRADrv.sys
    .sys windows:5 windows x86 arch:x86

    0e91e4b075c3df52b55d07c3e4b09e05

  • LongRADrv2K.sys
    .sys windows:5 windows x86 arch:x86

    6dfe0fe2a951b7a88aac8d7a48c3c8e4

  • LongRAShell.exe
    .exe windows:4 windows x86 arch:x86

    13c1f8000a2e310450d85082cb8b010a

  • Module.exe
    .exe windows:4 windows x86 arch:x86

    08bbf2fd263f3e24cfc141bed1783b20

  • RecommendSortCloud.ini
  • RecommendSortLocal.ini
  • SoftDetailLocal.mht
    .eml .js polyglot
  • attachment-3
    .gif
  • attachment-4
    .gif
  • email-html-1.txt
    .js
  • SoftDetailLocal_1.mht
    .eml .js polyglot
  • attachment-2
    .gif
  • email-html-1.txt
    .js
  • UDPEchoAPI.dll
    .dll windows:4 windows x86 arch:x86

    2ab58bbe4ee5565d0e620d2caeafc9e4

  • cloud.exe
    .exe windows:4 windows x86 arch:x86

    f0cc8b28e2d40f818f20e8959f3cc943

  • cloudcache.ico
  • lva.ico
  • mycompress.dll
    .dll windows:4 windows x86 arch:x86

    98ed3d9ae36f1a87a796ffa68a0266d2

  • nonenet.mht
    .eml .js polyglot
  • attachment-2
    .gif
  • email-html-1.txt
    .js
  • otherConfig.ini
  • pk.ini
  • readme.txt
  • start_panel/LoadSoftList.gif
    .gif
  • start_panel/չ.bmp
  • start_panel/.png
    .png
  • start_panel/屳_01.bmp
  • start_panel/屳_02.bmp
  • start_panel/屳_03.bmp
  • start_panel/屳_04.bmp
  • start_panel/屳_05.bmp
  • start_panel/屳_06.bmp
  • start_panel/屳_07.bmp
  • start_panel/屳_08.bmp
  • start_panel/屳_09.bmp
  • start_panel/ѡб.bmp
  • start_panel/.bmp
  • start_panel/.bmp
  • start_panel/ļСԲ.bmp
  • start_panel/Ϣͼ.bmp
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0

  • $TEMP/CloudTool.exe
    .exe windows:4 windows x86 arch:x86

    45c2417c744386b25ce6d4e558f02974

  • xmenu.dll
    .dll windows:4 windows x86 arch:x86

    e21e38d68bb8b1f663f3f9df8285a693