General

  • Target

    643dc4737d905122b0068e8cfee12865_JaffaCakes118

  • Size

    5.8MB

  • MD5

    643dc4737d905122b0068e8cfee12865

  • SHA1

    4bab837babd48f7e9307606461edc9bfd14a53fa

  • SHA256

    7463386b5df5dfffddb501ac5b495f7fe09ca677c9b05de3324610186142f6d5

  • SHA512

    7ff1d59e8215477e3ecbf9dea82cc098a72d98ca17906d81c6d34212a0039a159fe7f9c82f57d4c06e240ad2ff3e70ac238dc7b2b0dd5cbc1bf55f121d8115e9

  • SSDEEP

    98304:RqSCVe6EpXm2SF+eZdQZIk3lfd9s9x5VlukFga4xvvt1EkJytVcGDZUbvg:IhA6EpXmvlZALt3qx7lupH9JSVz1Ubvg

Score
3/10

Malware Config

Signatures

  • Unsigned PE 20 IoCs

    Checks for a missing Authenticode signature (no embedded certificate table in the PE).

  • NSIS installer 2 IoCs

    The sample is packaged with the Nullsoft Scriptable Install System; the $PLUGINSDIR/ entries listed under Files are the plugins NSIS unpacks into its temporary plugin directory at run time.
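As an added example (not part of this report and not the sandbox's own detection code), the following Python reproduces the two signature checks above with the standard library only and computes the same four digests the General section lists (ssdeep needs a separate library and is left out). The detection rules are this example's own heuristics, not necessarily the exact rules the sandbox applied: "Unsigned PE" is read as an empty certificate-table data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) in the optional header, and "NSIS installer" as the presence of the NSIS first-header magic "NullsoftInst". The PE image it runs on by default is constructed in memory so the script works offline; it is not derived from the analysed sample.

```python
"""Reproduce the "Unsigned PE" and "NSIS installer" checks on a PE file.

Heuristics used here (this example's own, not the sandbox's published rules):
  unsigned PE    : certificate-table data directory (index 4) is empty
  NSIS installer : the NSIS first-header magic b"NullsoftInst" occurs in the file
"""
import hashlib
import struct

NSIS_MAGIC = b"NullsoftInst"   # NSIS firstheader magic, preceded by 0xDEADBEEF
SECURITY_DIR_INDEX = 4         # IMAGE_DIRECTORY_ENTRY_SECURITY


def file_hashes(data: bytes) -> dict:
    """Digests in the order the report's General section lists them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def security_directory(pe: bytes) -> tuple:
    """Return (file_offset, size) of the certificate table, (0, 0) if absent.

    Unlike the other data directories this entry holds a raw file offset,
    not an RVA: the certificate table lives outside every section.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:            # PE32: NumberOfRvaAndSizes at 92, directories at 96
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:          # PE32+: 8-byte ImageBase/stack/heap fields shift them
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", pe, opt + nrva_off)[0]
    entry = dd_off + SECURITY_DIR_INDEX * 8
    if n_dirs <= SECURITY_DIR_INDEX or size_of_optional < entry + 8:
        return (0, 0)             # linker emitted too few directories: no table
    return struct.unpack_from("<II", pe, opt + entry)


def has_authenticode(pe: bytes) -> bool:
    """True if a WIN_CERTIFICATE blob is present and sane.

    Presence is not validity: verify with signtool or Get-AuthenticodeSignature.
    Catalog-signed files have an empty directory and count as unsigned here.
    """
    offset, size = security_directory(pe)
    if size < 8 or offset + size > len(pe):
        return False
    length, revision, cert_type = struct.unpack_from("<IHH", pe, offset)
    return length <= size and revision in (0x0100, 0x0200) and cert_type == 0x0002


def is_nsis(pe: bytes) -> bool:
    return NSIS_MAGIC in pe


def report(pe: bytes) -> dict:
    return {"unsigned_pe": not has_authenticode(pe),
            "nsis_installer": is_nsis(pe), **file_hashes(pe)}


def build_sample(nsis: bool, signed: bool) -> bytes:
    """Constructed minimal PE32 image (headers only, no sections) used as
    offline test input. It is NOT derived from the analysed sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<H", opt, 40, 4)                      # MajorOperatingSystemVersion, cf. "windows:4"
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + len(opt)
    overlay = b""
    if signed:
        cert = b"\x30\x82\x00\x00" + b"\x00" * 60           # placeholder bytes, not a real PKCS#7
        blob = struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert
        struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, header_len, len(blob))
        overlay += blob
    if nsis:
        overlay += struct.pack("<II", 0, 0xDEADBEEF) + NSIS_MAGIC
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + overlay


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(nsis=True, signed=False)
    for key, value in report(data).items():
        print(f"{key:>15}: {value}")
```

Run it with a file path to check a real sample; without one it checks the constructed image, which reports unsigned_pe and nsis_installer both True. The NSIS check is a plain substring match, so a non-NSIS file that merely embeds an NSIS installer as a resource also matches, which is the same behaviour a string-based YARA rule would have.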

Files

  • 643dc4737d905122b0068e8cfee12865_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
    099c0646ea7282d232219f8807883be0
    Code Sign · Headers · Imports · Sections

  • $PLUGINSDIR/ButtonEvent.dll
    .dll windows:4 windows x86 arch:x86
    0ece15e7d9bb35972aec701f46192460
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/ExecCmd.dll
    .dll windows:4 windows x86 arch:x86
    bf44c9fb48bb8c36b3e2527e7252350d
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/ExecDos.dll
    .dll windows:4 windows x86 arch:x86
    2dfc6a992d004b736e85c64219a88b4a
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/FindProcDLL.dll
    .dll windows:4 windows x86 arch:x86
    c480ee4d2a64d4a16edee43fdfe35079
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/InstPath.ini
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    b1cd0d78f652ce5fc63f0879371af012
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86
    815c88741b87a0210c457b00b57bf9c6
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/NSISArray.dll
    .dll windows:5 windows x86 arch:x86
    812688d08c0d4a81ed86daeebcf15c55
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86
    9cce555dd3ff1b6c7dc92d64c794c51a
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/SelfDel.dll
    .dll windows:4 windows x86 arch:x86
    7b20d7ddf67d32ef46980776247198a1
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    2017f2acbdaa42ab3e4adeb8b4c37e7b
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/WelcomePage.ini
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/md5dll.dll
    .dll windows:4 windows x86 arch:x86
    e57536e0d3500471d52df7cea0d65a39
    Headers · Imports · Exports · Sections

  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsisXML.dll
    .dll windows:4 windows x86 arch:x86
    d9ee494a2a7b0d46616d9537ef3d8431
    Headers · Imports · Exports · Sections

  • $PROFILE/funshion.ini
  • $PROFILE/funshion/cache/Cacheflash/blankFs.swf
  • $PROFILE/funshion/cache/Cacheflash/donghuanew_18.swf
  • $SYSDIR/$SYSDIR/Funshion.scr
    .exe windows:4 windows x86 arch:x86
    b62c1e37720c5b9e17bf1919d5b9f4da
    Headers · Imports · Sections

  • $SYSDIR/funshion.ini
  • $TEMP/$SYSDIR/Funshion.scr
    .exe windows:4 windows x86 arch:x86
    b62c1e37720c5b9e17bf1919d5b9f4da
    Headers · Imports · Sections

  • $TEMP/dump.dll
    .dll windows:5 windows x86 arch:x86
    3ee48195f72b67bf47a99e86327db139
    Code Sign · Headers · Imports · Exports · Sections

  • $TEMP/funshion.ini
  • $TEMP/gma.dll
    .dll windows:5 windows x86 arch:x86
    b2801a66554eda54a432a26764ddee64
    Code Sign · Headers · Imports · Exports · Sections

  • $TEMP/installfilescn.bmp
  • $TEMP/installfilesen.bmp
  • $TEMP/installpathcn.bmp
  • $TEMP/installpathen.bmp
  • $TEMP/instpath.ini
  • $TEMP/licensecn.bmp
  • $TEMP/licenseen.bmp
  • $TEMP/nicdescr.dat
  • $TEMP/partner.ini
  • $TEMP/showfinishcn.bmp
  • $TEMP/showfinishen.bmp
  • $TEMP/welcome.bmp
  • $TEMP/welcomekugou.bmp
  • $TEMP/welcomepage.ini
  • $TEMP/xml2fspdata.exe
    .exe windows:4 windows x86 arch:x86
    87d7ff083b0bdf1af3c3bf0315b95f36
    Code Sign · Headers · Imports · Sections

  • CoreAAC.ax
    .dll regsvr32 windows:4 windows x86 arch:x86
    d52e386cb07e1e13a6b9de526bbe1d78
    Headers · Imports · Exports · Sections

  • CrashReport.exe
    .exe windows:4 windows x86 arch:x86
    c7a63fe944f54150c19b17178898db77
    Code Sign · Headers · Imports · Sections

  • Funshion-install.ico
  • Funshion.exe
    .exe windows:4 windows x86 arch:x86
    3d97ecdd303bcd8e2fa28b49f85a8c1c
    Code Sign · Headers · Imports · Sections

  • FunshionGame2.ico
  • FunshionService.exe
    .exe windows:5 windows x86 arch:x86
    203535bbea84b05fb3943fac3684446b
    Code Sign · Headers · Imports · Sections

  • FunshionUpgrade.exe
    .exe windows:4 windows x86 arch:x86
    49fef21c7b2965ef5571962fa8e196ef
    Code Sign · Headers · Imports · Sections

  • Funshop2.ico
  • LangResEnAmerican.dll
    .dll windows:4 windows x86 arch:x86
    22b98c5c8c68a5c45b232e3b1c1c06e3
    Code Sign · Headers · Imports · Sections

  • Uninstall.exe.nsis
  • agentd.dll
    .dll windows:5 windows x86 arch:x86
    8790dfbd8414a6764f92a3f8cc352e1d
    Code Sign · Headers · Imports · Exports · Sections

  • cook.dll
    .dll windows:4 windows x86 arch:x86
    7186ef18b8145b9efacd73914d40cee0
    Headers · Imports · Exports · Sections

  • coreavc.ax
    .dll regsvr32 windows:5 windows x86 arch:x86
    a51dab6f4a70c7f5108331c3fee35df0
    Headers · Imports · Exports · Sections

  • dbghelp.dll
    .dll windows:7 windows x86 arch:x86
    f7cb4432172d116632abc77471a1a600
    Code Sign · Headers · Imports · Exports · Sections

  • drvc.dll
    .dll windows:4 windows x86 arch:x86
    5d841dc9603dda4e7058b842c1dedbfc
    Headers · Imports · Exports · Sections

  • dump.dll
    .dll windows:5 windows x86 arch:x86
    3ee48195f72b67bf47a99e86327db139
    Code Sign · Headers · Imports · Exports · Sections

  • fptassrv.dll
    .dll windows:5 windows x86 arch:x86
    14c2e37d1ddc895ef788dad646cd0ea0
    Code Sign · Headers · Imports · Exports · Sections

  • funshionplugin2.dll
    .dll windows:5 windows x86 arch:x86
    44134c627a83499afaea25846e6e4538
    Code Sign · Headers · Imports · Exports · Sections

  • gma.dll
    .dll windows:5 windows x86 arch:x86
    b2801a66554eda54a432a26764ddee64
    Code Sign · Headers · Imports · Exports · Sections

  • icon/MP4.ico
  • icon/RMVB.ico
  • lsv.dll
    .dll windows:5 windows x86 arch:x86
    6a1857365fd356c10f35a44840b095bc
    Code Sign · Headers · Imports · Exports · Sections

  • nicdescr.dat
  • pncrt.dll
    .dll windows:4 windows x86 arch:x86
    828907b7a8ec04c9c4031e40ef2f76ec
    Headers · Imports · Exports · Sections

  • pndx5016.dll
  • pndx5032.dll
    .dll windows:4 windows x86 arch:x86
    3dff24d172f5031d837d000fcf3a81f8
    Headers · Imports · Exports · Sections

  • pos.ini
  • ptv.dll
    .dll windows:5 windows x86 arch:x86
    af102ead442f5313add6a7162d58b00c
    Code Sign · Headers · Imports · Exports · Sections

  • quality.dll
    .dll windows:5 windows x86 arch:x86
    03d0ddb988e4f35176196c8a95a4a257
    Code Sign · Headers · Imports · Exports · Sections

  • rmoc3260.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    856609e709a6cabc2acd456e10aed0e4
    Code Sign · Headers · Imports · Exports · Sections

  • skin/AbnormalPopWndCloseBtn.bmp
  • skin/AddListFile.bmp
  • skin/AddMore.bmp
  • skin/ArrowsTipBk.bmp
  • skin/BtmLeftCornor.bmp
  • skin/BtmRightCornor.bmp
  • skin/Buffering.gif
    .gif
  • skin/CaptionCloseBtn.bmp
  • skin/CaptionMaxBtn.bmp
  • skin/CaptionMenuBtn.bmp
  • skin/CaptionMenuBtnEn.bmp
  • skin/CaptionMinBtn.bmp
  • skin/CaptionModeBtn.bmp
  • skin/CaptionNormalBtn.bmp
  • skin/CaptionText.bmp
  • skin/CaptionTextEn.bmp
  • skin/CheckBox_Box.bmp
  • skin/CheckBox_Check.bmp
  • skin/ClearFile.bmp
  • skin/Default/CaptionCloseBtn.bmp
  • skin/Default/CaptionFamilyBtn.bmp
  • skin/Default/CaptionFamilyBtnEn.bmp
  • skin/Default/CaptionMaxBtn.bmp
  • skin/Default/CaptionMenuBtn.bmp
  • skin/Default/CaptionMinBtn.bmp
  • skin/Default/CaptionModeBtn.bmp
  • skin/Default/CaptionNormalBtn.bmp
  • skin/Default/IeToolBarBack.bmp
  • skin/Default/IeToolBarForward.bmp
  • skin/Default/IeToolBarGamePage.bmp
  • skin/Default/IeToolBarHomePage.bmp
  • skin/Default/IeToolBarRefresh.bmp
  • skin/Default/IeToolBarShopPage.bmp
  • skin/Default/WebToolBarBk.bmp
  • skin/Default/switchToLibrary.bmp
  • skin/Default/switchToLibraryEn.bmp
  • skin/Default/switchToPlayer.bmp
  • skin/Default/switchToPlayerEn.bmp
  • skin/Default/wndBkgnd.bmp
  • skin/DelListFile.bmp
  • skin/DiskWarnning.bmp
  • skin/Family/CaptionCloseBtn.bmp
  • skin/Family/CaptionFamilyBtn.bmp
  • skin/Family/CaptionFamilyBtnEn.bmp
  • skin/Family/CaptionMaxBtn.bmp
  • skin/Family/CaptionMenuBtn.bmp
  • skin/Family/CaptionMinBtn.bmp
  • skin/Family/CaptionModeBtn.bmp
  • skin/Family/CaptionNormalBtn.bmp
  • skin/Family/IeToolBarBack.bmp
  • skin/Family/IeToolBarForward.bmp
  • skin/Family/IeToolBarGamePage.bmp
  • skin/Family/IeToolBarHomePage.bmp
  • skin/Family/IeToolBarRefresh.bmp
  • skin/Family/IeToolBarShopPage.bmp
  • skin/Family/WebToolBarBk.bmp
  • skin/Family/switchToLibrary.bmp
  • skin/Family/switchToLibraryEn.bmp
  • skin/Family/switchToPlayer.bmp
  • skin/Family/switchToPlayerEn.bmp
  • skin/Family/wndBkgnd.bmp
  • skin/HidePlayInfoBtn.bmp
  • skin/IErrorReshBtn.bmp
  • skin/IErrorWndBk.bmp
  • skin/IeToolBarBack.bmp
  • skin/IeToolBarBkgnd.bmp
  • skin/IeToolBarForward.bmp
  • skin/IeToolBarGamePage.bmp
  • skin/IeToolBarHomePage.bmp
  • skin/IeToolBarRefresh.bmp
  • skin/IeToolBarShopPage.bmp
  • skin/IntergrateModeBtn.bmp
  • skin/LibraryStatus.bmp
  • skin/LibraryStatusEn.bmp
  • skin/LogoMini.bmp
  • skin/LogoMiniEn.bmp
  • skin/OptionBtnArrow.bmp
  • skin/OptionBtnBk.bmp
  • skin/OptionBtnDownArrow.bmp
  • skin/OptionBtnUpArrow.bmp
  • skin/OptionSplidBarHead.bmp
  • skin/OptionSplidBarTrail.bmp
  • skin/OptionSplideBarBkgnd.bmp
  • skin/OptionSplideBarThumb.bmp
  • skin/OptionText.bmp
  • skin/OptionTextEn.bmp
  • skin/PauseAdCloseBtn.bmp
  • skin/PauseFlickerBtn.bmp
  • skin/PlayInfoCurPlay.bmp
  • skin/PlayList.bmp
  • skin/PlayListEn.bmp
  • skin/PlayTrackBarThumb.bmp
  • skin/PlayTrackBarThumbSel.bmp
  • skin/PlayerBarBtnFullView.bmp
  • skin/PlayerBarBtnNext.bmp
  • skin/PlayerBarBtnNextMini.bmp
  • skin/PlayerBarBtnNonTop.bmp
  • skin/PlayerBarBtnNormal.bmp
  • skin/PlayerBarBtnPause.bmp
  • skin/PlayerBarBtnPauseMini.bmp
  • skin/PlayerBarBtnPlay.bmp
  • skin/PlayerBarBtnPlayList.bmp
  • skin/PlayerBarBtnPlayMini.bmp
  • skin/PlayerBarBtnPre.bmp
  • skin/PlayerBarBtnPreMini.bmp
  • skin/PlayerBarBtnSimple.bmp
  • skin/PlayerBarBtnSimpleEn.bmp
  • skin/PlayerBarBtnStop.bmp
  • skin/PlayerBarBtnStopMini.bmp
  • skin/PlayerBarBtnTop.bmp
  • skin/PlayerBarBtnVolMute.bmp
  • skin/PlayerBarBtnVolume.bmp
  • skin/PlayerBarBtnVolumeMini.bmp
  • skin/PlayerBarOpenFile.bmp
  • skin/PlayerStatus.bmp
  • skin/PlayerStatusEn.bmp
  • skin/PlayerTipCloseBtn.bmp
  • skin/PopUrlCheckBtn.bmp
  • skin/PopUrlCheckBtnCheck.bmp
  • skin/PopUrlCloseBtn.bmp
  • skin/PopUrlCloseBtnAbnormal.bmp
  • skin/PopUrlIcon.bmp
  • skin/PopUrlMiniBtn.bmp
  • skin/RadioBtnBox.bmp
  • skin/RadioBtnPt.bmp
  • skin/RpcLoading.gif
    .gif
  • skin/RpcStartDlgBk.bmp
  • skin/Scroll.gif
    .gif
  • skin/ScrollBarDownArrow.bmp
  • skin/ScrollBarDownArrowOption.bmp
  • skin/ScrollBarUpArrow.bmp
  • skin/ScrollBarUpArrowOption.bmp
  • skin/ScrollBarVerBkgnd.bmp
  • skin/ScrollBarVerBkgndOption.bmp
  • skin/ScrollBarVerWidgetBkgnd.bmp
  • skin/ScrollBarVerWidgetBkgndOption.bmp
  • skin/ScrollBarVerWidgetHead.bmp
  • skin/ScrollBarVerWidgetHeadOption.bmp
  • skin/ScrollBarVerWidgetMid.bmp
  • skin/ScrollBarVerWidgetMidOption.bmp
  • skin/ScrollBarVerWidgetTrail.bmp
  • skin/ScrollBarVerWidgetTrailOption.bmp
  • skin/ScrollLinkBkgnd.bmp
  • skin/ScrollLinkFrm.bmp
  • skin/ShowPlayInfoBtn.bmp
  • skin/TabModeBtn.bmp
  • skin/TaskBarTipDownArrow.bmp
  • skin/TaskDelete.bmp
  • skin/TaskDownLoad.bmp
  • skin/TaskList.bmp
  • skin/TaskListEn.bmp
  • skin/TaskListStatIcons.bmp
  • skin/TaskListStatSelIcon.bmp
  • skin/TaskManagerCloseBtn.bmp
  • skin/TaskManagerCloseTxtBtn.bmp
  • skin/TaskPaused.bmp
  • skin/TextBtnBk.bmp
  • skin/TipBottomArrow.bmp
  • skin/TipRightArrow.bmp
  • skin/TipTopArrow.bmp
  • skin/TopLeftCornor.bmp
  • skin/TopRightCornor.bmp
  • skin/UpdateBtmBkgnd.bmp
  • skin/UpdateBtmCloseBtn.bmp
  • skin/UpdateBtmIgoreBtn.bmp
  • skin/UpdateBtmUpdateBtn.bmp
  • skin/UpdateCapBkgnd.bmp
  • skin/UpdateCaption.bmp
  • skin/UpdateIconFail.bmp
  • skin/UpdateIconInit.bmp
  • skin/UpdateIconSuc.bmp
  • skin/WebCloseBtn.bmp
  • skin/WebCloseBtnRgn.bmp
  • skin/WebToolBarBk.bmp
  • skin/WndCloseBtn.bmp
  • skin/bmpCleanFile.bmp
  • skin/bmpClearDisk.bmp
  • skin/bmpError.bmp
  • skin/bmpError_IE.bmp
  • skin/bmpPlayBarTip.bmp
  • skin/bmpPrompt.bmp
  • skin/bmpQuestion.bmp
  • skin/bmpTimerClose.bmp
  • skin/bmpYellowQuestion.bmp
  • skin/imgCleanFileBtn.bmp
  • skin/imgCloseMini.bmp
  • skin/imgFullViewMini.bmp
  • skin/imgMinViewMini.bmp
  • skin/imgNonTopViewMini.bmp
  • skin/imgNormalViewMini.bmp
  • skin/imgStandardMini.bmp
  • skin/imgStandardMiniEn.bmp
  • skin/imgTopViewMini.bmp
  • skin/imgVolCtrlBarThumb.bmp
  • skin/imgVolCtrlBarThumbSel.bmp
  • skin/list_expend.bmp
  • skin/switchToLibrary.bmp
  • skin/switchToLibraryEn.bmp
  • skin/switchToPlayer.bmp
  • skin/switchToPlayerEn.bmp
  • ttv.dll
    .dll windows:5 windows x86 arch:x86
    d12a63730ffa7bbdec06514768a82fbc
    Code Sign · Headers · Imports · Exports · Sections