General

  • Target

    63cfede85b22162f4925d34b729e1fd8_JaffaCakes118

  • Size

    3.5MB

  • MD5

    63cfede85b22162f4925d34b729e1fd8

  • SHA1

    00f69f27b1fbd56edea5617252dd1e1a293a0626

  • SHA256

    f6d41473d366604174e7d1444710d891abb91ae87015d84173372e22d02653bd

  • SHA512

    26a29bd7d2d2951ae7b1f5e80f38fb017e98905cca9b3ef259e8bfd3045d902b6a80c324bb54b0dc0b9f1e6e1cc95808873531caa3fd9bcffd65339c64b5e718

  • SSDEEP

    98304:ThzXm9bBMLlH+8ABfFON9scJ/N/Fv9F0O+h:pXm9dgH+8w9C15N91qh

Score
3/10

Malware Config

Signatures

  • Unsigned PE 15 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 63cfede85b22162f4925d34b729e1fd8_JaffaCakes118
    .rar
  • KTsetup.exe
    .exe windows:4 windows x86 arch:x86

    4f2145f489d9c324280558d2e08c717d

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    9d433976e02d79532f0d635ee81d0b20

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • CM_HID.dll
    .dll windows:4 windows x86 arch:x86

    a3522bed6f3b488bf1c37ad2a559f91e

  • GenDataBlt.dll
    .dll windows:4 windows x86 arch:x86

    1f959aa8e108264d5b63cd0a92470f5d

  • H323Voip.dll
    .dll windows:4 windows x86 arch:x86

    fb0692404026d17fefe968b97ecea7f1

  • KT.exe
    .exe windows:4 windows x86 arch:x86

    9f62bd39577a2333a2f228d64bcca0dc

  • KTNet.dll
    .dll windows:4 windows x86 arch:x86

    4cab6c0e85a6ba8805cdb37984adf60c

  • KTupdate.exe
    .exe windows:4 windows x86 arch:x86

    6de8110355f2b1e416cc9ae3d28ed35b

  • MFC71.dll
    .dll windows:4 windows x86 arch:x86

    7397fb8b8633dd76aa9cbc7e2e0c24bd

  • MFC71u.dll
    .dll windows:4 windows x86 arch:x86

    b3fbf4599c17e9bc7ccae6518bf0f868

  • gdiplus.dll
    .dll windows:5 windows x86 arch:x86

    7d265bc0350ed04fb2dffec878eb283e

  • gif/KTadver.gif
    .gif
  • gif/PhoneHoldOn.gif
    .gif
  • gif/PhoneNormal.gif
    .gif
  • gif/PhoneRing.gif
    .gif
  • gif/Thumbs.db
  • gif/logining.gif
    .gif
  • gif/pic.bmp
  • ktcommon.dll
    .dll windows:4 windows x86 arch:x86

    be12ef332e16f5e0ced95d648418d3cf

  • ktver.dat
  • msvcp71.dll
    .dll windows:4 windows x86 arch:x86

    5e2398adb60a70c7ab04e7cba75a7983

  • msvcr71.dll
    .dll windows:4 windows x86 arch:x86

    7acc8c379c768a1ecd81ec502ff5f33e

  • qz.dat
  • skin/Frame/CloseDisable.bmp
  • skin/Frame/CloseHover.bmp
  • skin/Frame/CloseNormal.bmp
  • skin/Frame/Closedown.bmp
  • skin/Frame/FrameX_BK.bmp
  • skin/Frame/Thumbs.db
  • skin/KTicon/Thumbs.db
  • skin/KTicon/nousb.bmp
  • skin/KTicon/usb.bmp
  • skin/LOGIN/Combobut1.bmp
  • skin/LOGIN/Combobut2.bmp
  • skin/LOGIN/Combobut3.bmp
  • skin/LOGIN/Combobut4.bmp
  • skin/LOGIN/Thumbs.db
  • skin/LOGIN/btn_cancel_d.bmp
  • skin/LOGIN/btn_cancel_h.bmp
  • skin/LOGIN/btn_cancel_n.bmp
  • skin/LOGIN/btn_login_d.bmp
  • skin/LOGIN/btn_login_h.bmp
  • skin/LOGIN/btn_login_n.bmp
  • skin/LOGIN/btn_reg_d.bmp
  • skin/LOGIN/btn_reg_h.bmp
  • skin/LOGIN/btn_reg_n.bmp
  • skin/LOGIN/comboBt.bmp
  • skin/LOGIN/ktlogin.jpg
    .jpg
  • skin/Phone/0_d.bmp
  • skin/Phone/0_h.bmp
  • skin/Phone/0_n.bmp
  • skin/Phone/1_d.bmp
  • skin/Phone/1_h.bmp
  • skin/Phone/1_n.bmp
  • skin/Phone/2_d.bmp
  • skin/Phone/2_h.bmp
  • skin/Phone/2_n.bmp
  • skin/Phone/3_d.bmp
  • skin/Phone/3_h.bmp
  • skin/Phone/3_n.bmp
  • skin/Phone/4_d.bmp
  • skin/Phone/4_h.bmp
  • skin/Phone/4_n.bmp
  • skin/Phone/5_d.bmp
  • skin/Phone/5_h.bmp
  • skin/Phone/5_n.bmp
  • skin/Phone/6_d.bmp
  • skin/Phone/6_h.bmp
  • skin/Phone/6_n.bmp
  • skin/Phone/7_d.bmp
  • skin/Phone/7_h.bmp
  • skin/Phone/7_n.bmp
  • skin/Phone/8_d.bmp
  • skin/Phone/8_h.bmp
  • skin/Phone/8_n.bmp
  • skin/Phone/9_d.bmp
  • skin/Phone/9_h.bmp
  • skin/Phone/9_n.bmp
  • skin/Phone/Thumbs.db
  • skin/Phone/add_d.bmp
  • skin/Phone/add_h.bmp
  • skin/Phone/add_n.bmp
  • skin/Phone/bg_01.bmp
  • skin/Phone/boda_d.bmp
  • skin/Phone/boda_h.bmp
  • skin/Phone/boda_n.bmp
  • skin/Phone/break_d.bmp
  • skin/Phone/break_h.bmp
  • skin/Phone/break_n.bmp
  • skin/Phone/call_d.bmp
  • skin/Phone/call_h.bmp
  • skin/Phone/call_n.bmp
  • skin/Phone/clear_d.bmp
  • skin/Phone/clear_h.bmp
  • skin/Phone/clear_n.bmp
  • skin/Phone/close_d.bmp
  • skin/Phone/close_h.bmp
  • skin/Phone/close_n.bmp
  • skin/Phone/friendDlgbk.jpg
    .jpg
  • skin/Phone/friend_d.bmp
  • skin/Phone/friend_h.bmp
  • skin/Phone/friend_n.bmp
  • skin/Phone/ico.bmp
  • skin/Phone/listHead1.BMP
  • skin/Phone/listHead2.BMP
  • skin/Phone/listbk.bmp
  • skin/Phone/logo.bmp
  • skin/Phone/logo_offline.bmp
  • skin/Phone/logo_online.bmp
  • skin/Phone/menu_d.bmp
  • skin/Phone/menu_h.bmp
  • skin/Phone/menu_n.bmp
  • skin/Phone/min_d.bmp
  • skin/Phone/min_h.bmp
  • skin/Phone/min_n.bmp
  • skin/Phone/number_d.bmp
  • skin/Phone/number_h.bmp
  • skin/Phone/number_n.bmp
  • skin/Phone/pay_d.bmp
  • skin/Phone/pay_h.bmp
  • skin/Phone/pay_n.bmp
  • skin/Phone/phone_err.bmp
  • skin/Phone/phonebg.jpg
    .jpg
  • skin/Phone/recordDlgBk.jpg
    .jpg
  • skin/Phone/s.bmp
  • skin/Phone/search_01.bmp
  • skin/Phone/search_02.bmp
  • skin/Phone/search_03.bmp
  • skin/Phone/search_04.bmp
  • skin/Phone/star_d.bmp
  • skin/Phone/star_h.bmp
  • skin/Phone/star_n.bmp
  • skin/Phone/trecord_d.bmp
  • skin/Phone/trecord_h.bmp
  • skin/Phone/trecord_n.bmp
  • skin/Popmsg/Thumbs.db
  • skin/Popmsg/popmsgback.bmp
  • skin/Thumbs.db
  • skin/myself.bmp
  • skin/touch/Thumbs.db
  • skin/touch/cancel_01.bmp
  • skin/touch/cancel_02.bmp
  • skin/touch/cancel_03.bmp
  • skin/touch/confirm_01.bmp
  • skin/touch/confirm_02.bmp
  • skin/touch/confirm_03.bmp
  • skin/touch/delfriendDlgBkjpg.jpg
    .jpg
  • skin/touch/delfriendDlgInfo.bmp
  • skin/touch/delfriendDlgOrdi.bmp
  • skin/touch/delfriendDlgquest.bmp
  • skin/touch/friendDlgBkjpg.jpg
    .jpg
  • skin/touch/no_01.bmp
  • skin/touch/no_02.bmp
  • skin/touch/no_03.bmp
  • skin/touch/yes_01.bmp
  • skin/touch/yes_02.bmp
  • skin/touch/yes_03.bmp
  • sound/key0.wav
  • sound/key1.wav
  • sound/key2.wav
  • sound/key3.wav
  • sound/key4.wav
  • sound/key5.wav
  • sound/key6.wav
  • sound/key7.wav
  • sound/key8.wav
  • sound/key9.wav
  • sound/keystar.wav
  • sound/keywell.wav
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    4f2145f489d9c324280558d2e08c717d

  • 新云软件.url
    .url