General

  • Target

    6737e668ef634d6c8038d6f06f5227d4_JaffaCakes118

  • Size

    16.1MB

  • MD5

    6737e668ef634d6c8038d6f06f5227d4

  • SHA1

    228f72a355708cec826a83853a5470222b756ac4

  • SHA256

    96017ba3f91999c60bf482ab9db3d07601c5494bb28de79828ddf936eea04dd0

  • SHA512

    c37c0376331804d3db52cbca0cc66aacdaf53ea8aa5ef79183b253f4ba558b7067bf86818dff07f9669e1467a32a41cc3886b25a410a12a7cea2b72a9f03fdd9

  • SSDEEP

    393216:tQtOoqigVbA31VkJipRiIIqfGiPwSuuyWWxXmfMe+HTiqlPJ1iig88aQlbMM0R:tQtONikGDpRPImVPwSjSXQMvHTd8/Pal

Score: 7/10 (tag: upx)

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 23 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 1 IoCs

Files

  • 6737e668ef634d6c8038d6f06f5227d4_JaffaCakes118
    .rar
  • sr2012.0.6.0.exe
    .exe windows:4 windows x86 arch:x86
    Static analysis: Code Sign, Headers, Sections
  • $PLUGINSDIR/FindProcDLL.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 8df26927f8978d4eb40ff179c0aa961b
    Static analysis: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/Internet.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 04281f88c3d826e409dc7c24629e7efc
    Static analysis: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 153027ec3b10bcea606b777657dd3402
    Static analysis: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 2017f2acbdaa42ab3e4adeb8b4c37e7b
    Static analysis: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/baidu.bmp
  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 3f1149a3053980fe6b461521d2b55a2c
    Static analysis: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 1e2884056e655f2b7bc5a904e352fc80
    Static analysis: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/w7tbp.dll
    .dll windows:4 windows x86 arch:x86
    MD5: fdb9d529772752ac356e92b3e3221b71
    Static analysis: Headers, Imports, Exports, Sections
  • 7z.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 6121a49841bf6f5b3700c1ebbb28be41
    Static analysis: Headers, Imports, Exports, Sections
  • AdbWinApi.dll
    .dll windows:6 windows x86 arch:x86
    MD5: c64cac39044626770353879245ea25e4
    Static analysis: Headers, Imports, Exports, Sections
  • AdbWinUsbApi.dll
    .dll windows:6 windows x86 arch:x86
    MD5: fda9f9f5f569ddd0dbf3ad8a275a2eb8
    Static analysis: Headers, Imports, Exports, Sections
  • AxmlPrinter.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 7f77c22ca3fffee23b8658e7ffb19e0a
    Static analysis: Headers, Imports, Exports, Sections
  • CABARC.EXE
    .exe windows:4 windows x86 arch:x86
    MD5: 31a7a625e3c5598b9ba0c005a1a1016a
    Static analysis: Code Sign, Headers, Imports, Sections
  • Downloader.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 3ee58e5267d7812f3c5c29beacb663c3
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • DriverLib.dll
    .dll windows:5 windows x86 arch:x86
    MD5: b70fefee73a8eaabc1f72493c5521635
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • FileAes.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 3a058455ddb946eb1beb2c71ed8a25c9
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • GdiPlus.dll
    .dll windows:6 windows x86 arch:x86
    MD5: ef4c749f5dec4632456950949469f18c
    Static analysis: Headers, Imports, Exports, Sections
  • HWManager.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 7560d04ad647c07a654be253da59f048
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • IEFix.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 753ba9ab8dbe89ab76baac9a02df81e9
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • IEPluginScanner.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 6c490ae33ae75e5b5ec8a17b0896cb60
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • MSVBVM60.DLL
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 5d13f1b45437e48acf7175e1471cd9aa
    Static analysis: Headers, Imports, Exports, Sections
  • MagicSet.exe.tmp
    .exe windows:5 windows x86 arch:x86
    MD5: efb5a0e1c25cd4f085652019c16f803b
    Static analysis: Code Sign, Headers, Imports, Sections
  • RabbitLobby.exe
    .exe windows:5 windows x86 arch:x86
    Static analysis: Code Sign, Headers, Sections
  • out.upx
    .exe windows:5 windows x86 arch:x86
    Static analysis: Headers, Sections
  • RegEditScanner.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 8489cba6612094a312534d1dcc2eb497
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • RubbishFileScanner.dll
    .dll windows:5 windows x86 arch:x86
    MD5: e94c70e725ac09fe45d84240850fdf9e
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • SRAA.ini
  • SRPFT.exe
    .exe windows:5 windows x86 arch:x86
    MD5: a0b3353b9649d3d7fc72b77eb69f1e57
    Static analysis: Code Sign, Headers, Imports, Sections
  • SRV.db
  • ScreenTools.exe
    .exe windows:5 windows x86 arch:x86
    MD5: 8339293c96ababd0fc83a6129f4e5e29
    Static analysis: Code Sign, Headers, Imports, Sections
  • SoftManager.exe.tmp
    .exe windows:5 windows x86 arch:x86
    MD5: b1ee402981ccd4da767a48e1049e0df0
    Static analysis: Code Sign, Headers, Imports, Sections
  • SrDriver.exe
    .exe windows:5 windows x86 arch:x86
    MD5: bcd5436a45a8716cd80a1dd92e2f28f7
    Static analysis: Code Sign, Headers, Imports, Sections
  • SrGui.exe.tmp
    .exe windows:5 windows x86 arch:x86
    MD5: 773c1f71bcb7b699e2fb9e69482fd65a
    Static analysis: Code Sign, Headers, Imports, Sections
  • SrHw.exe
    .exe windows:5 windows x86 arch:x86
    MD5: 61d85064327794a5fa5541ed12426fc2
    Static analysis: Code Sign, Headers, Imports, Sections
  • SrRegBackup.exe
    .exe windows:5 windows x86 arch:x86
    MD5: 3c6d2e74438478101fd31711862b1581
    Static analysis: Code Sign, Headers, Imports, Sections
  • SrUpdater.exe
    .exe windows:5 windows x86 arch:x86
    Static analysis: Code Sign, Headers, Sections
  • out.upx
    .exe windows:5 windows x86 arch:x86
    Static analysis: Headers, Sections
  • SystemCheck.dll
    .dll windows:5 windows x86 arch:x86
    MD5: 2b67009f7d73eb5843d67c830ec7df77
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • TutuAES.dll
    .dll windows:5 windows x86 arch:x86
    MD5: efac3abed7ba426b3a6a091d13fd64f4
    Static analysis: Code Sign, Headers, Imports, Exports, Sections
  • TutuTongji.dll
    .dll windows:4 windows x86 arch:x86
    Static analysis: Code Sign, Headers, Exports, Sections
  • TutuTongji.exe
    .exe windows:5 windows x86 arch:x86
    MD5: e7b19035fe04b9d62b7cd660d93c0776
    Static analysis: Code Sign, Headers, Imports, Sections
  • adb.exe
    .exe windows:4 windows x86 arch:x86
    MD5: fef6cee9d0e4eec527f09da74363e32f
    Static analysis: Headers, Imports, Sections
  • addb.db
  • blank.ico
  • blankv.ico
  • cdclose.wav
  • cdopen.wav
  • dpinst.exe
    .exe windows:6 windows x86 arch:x86
    MD5: edccd8c3aac76ce5dda69437210c8041
    Static analysis: Code Sign, Headers, Imports, Sections
  • dpinstAmd64.exe
    .exe windows:6 windows x64 arch:x64
    MD5: 3eacb9638877275335da4b58e52824f8
    Static analysis: Code Sign, Headers, Imports, Sections
  • html/AndroidDriver/css/global.css
  • html/AndroidDriver/css/main.css
  • html/AndroidDriver/images/close.png
    .png
  • html/AndroidDriver/images/input_bg.png
    .png
  • html/AndroidDriver/images/load_bg.png
    .png
  • html/AndroidDriver/images/load_l.png
    .png
  • html/AndroidDriver/images/load_m.png
    .png
  • html/AndroidDriver/images/load_r.png
    .png
  • html/AndroidDriver/images/loading.gif
    .gif
  • html/AndroidDriver/images/main_bor_left.png
    .png
  • html/AndroidDriver/images/main_bor_mid.png
    .png
  • html/AndroidDriver/images/main_bor_right.png
    .png
  • html/AndroidDriver/images/mobile.png.jpg
    .jpg
  • html/AndroidDriver/images/mobile_bg.png
    .png
  • html/AndroidDriver/images/send.png
    .png
  • html/AndroidDriver/images/update.png
    .png
  • html/AndroidDriver/index.html
    .html
  • html/AndroidDriver/mbDocument.js
    .js
  • html/AndroidDriver/prototype-1.6.0.3.js
    .js
  • html/css/global.css
  • html/css/pop.css
  • html/css/subbit.css
  • html/images/BUTTON.jpg
    .jpg
  • html/images/BUTTON.png
    .png
  • html/images/Thumbs.db
  • html/images/aborted.gif
    .gif
  • html/images/all.jpg
    .jpg
  • html/images/botton_bg.png
    .png
  • html/images/botton_bg2.jpg
    .jpg
  • html/images/botton_category_foot.jpg
    .jpg
  • html/images/botton_category_top.jpg
    .jpg
  • html/images/botton_category_top.png
    .png
  • html/images/bz.png
    .png
  • html/images/check0.gif
    .jpg
  • html/images/check0.jpg
    .jpg
  • html/images/check1.gif
    .gif
  • html/images/check2.gif
    .gif
  • html/images/check3.gif
    .gif
  • html/images/check4.gif
    .gif
  • html/images/chose.png
    .png
  • html/images/cj.png
    .png
  • html/images/clear.jpg
    .jpg
  • html/images/close.png
    .png
  • html/images/close_ico.gif
    .gif
  • html/images/continue.png
    .png
  • html/images/cz.jpg
    .jpg
  • html/images/cz_unistallSoft.jpg
    .jpg
  • html/images/dj1.jpg
    .jpg
  • html/images/down2.png
    .png
  • html/images/downing.jpg
    .jpg
  • html/images/ebotton_category_foot.png
    .png
  • html/images/enter.jpg
    .jpg
  • html/images/esc.jpg
    .jpg
  • html/images/esc.png
    .png
  • html/images/finesh.jpg
    .jpg
  • html/images/ico10.jpg
    .jpg
  • html/images/ico11.jpg
    .jpg
  • html/images/ico_bg.jpg
    .jpg
  • html/images/ico_bg2.jpg
    .jpg
  • html/images/ico_bg3.jpg
    .jpg
  • html/images/ico_bg4.jpg
    .jpg
  • html/images/ico_bg5on.jpg
    .jpg
  • html/images/ico_bg6.jpg
    .jpg
  • html/images/ico_bg7.jpg
    .jpg
  • html/images/ico_bg8.jpg
    .jpg
  • html/images/ico_onbg.jpg
    .jpg
  • html/images/ico_onbg.png
    .png
  • html/images/ie.png
    .png
  • html/images/install.jpg
    .jpg
  • html/images/install_1.jpg
    .jpg
  • html/images/install_2.jpg
    .jpg
  • html/images/jdt.jpg
    .jpg
  • html/images/left_off.jpg
    .jpg
  • html/images/left_on.jpg
    .jpg
  • html/images/li_ico.gif
    .gif
  • html/images/load.gif
    .gif
  • html/images/load.jpg
    .jpg
  • html/images/load_bg.jpg
    .jpg
  • html/images/load_bg.png
    .png
  • html/images/news-title.png
    .png
  • html/images/on.png
    .png
  • html/images/other.ico
  • html/images/pause.png
    .png
  • html/images/qd.png
    .png
  • html/images/ql.png
    .png
  • html/images/rj1.png
    .png
  • html/images/rj2.png
    .png
  • html/images/rj3.png
    .png
  • html/images/rj4.png
    .png
  • html/images/rj5.png
    .png
  • html/images/rj6.png
    .png
  • html/images/s_loading.gif
    .gif
  • html/images/scan.jpg
    .jpg
  • html/images/scan1.jpg
    .jpg
  • html/images/scan2.jpg
    .jpg
  • html/images/scan_ico.png
    .png
  • html/images/scaning_bg.png
    .png
  • html/images/set.png
    .png
  • html/images/setup.jpg
    .jpg
  • html/images/setuped.jpg
    .jpg
  • html/images/sj.jpg
    .jpg
  • html/images/sj_1.jpg
    .jpg
  • html/images/sj_2.jpg
    .jpg
  • html/images/sj_bg.png
    .png
  • html/images/soft_foot_bg.jpg
    .jpg
  • html/images/soft_ico.jpg
    .jpg
  • html/images/soft_left_bg.jpg
    .jpg
  • html/images/soft_main_line.png
    .png
  • html/images/soft_main_line2.png
    .png
  • html/images/soft_mid_bg.jpg
    .jpg
  • html/images/soft_right_bg.jpg
    .jpg
  • html/images/soft_top_bg.jpg
    .jpg
  • html/images/starscan.jpg
    .jpg
  • html/images/start1.jpg
    .jpg
  • html/images/stopscan.jpg
    .jpg
  • html/images/title_bg.jpg
    .jpg
  • html/images/title_bg2.jpg
    .jpg
  • html/images/tj_bg.png
    .png
  • html/images/ts.gif
    .gif
  • html/images/uninstall.jpg
    .jpg
  • html/images/uninstall_1.jpg
    .jpg
  • html/images/uninstall_2.jpg
    .jpg
  • html/images/uninstalled.jpg
    .jpg
  • html/images/up.jpg
    .jpg
  • html/images/up.png
    .png
  • html/images/up2.png
    .png
  • html/images/update.jpg
    .jpg
  • html/images/user_bg.png
    .png
  • html/images/user_botton_bg.jpg
    .jpg
  • html/images/user_face.gif
    .gif
  • html/images/user_input.jpg
    .jpg
  • html/images/vip_load.jpg
    .jpg
  • html/images/vip_load2.jpg
    .jpg
  • html/images/vip_load_bg.png
    .png
  • html/images/xf.jpg
    .jpg
  • html/images/xf_1.jpg
    .jpg
  • html/images/xf_2.jpg
    .jpg
  • html/images/yj.png
    .png
  • html/images/zc.png
    .png
  • html/index-1.html
    .html .js polyglot
  • html/js/builder.js
    .js
  • html/js/calendar.js
    .js
  • html/js/controls.js
    .js
  • html/js/dragdrop.js
    .js
  • html/js/effects.js
    .js
  • html/js/ferdinand.slider.js
    .js
  • html/js/mbDocument.js
    .js
  • html/js/modalbox.js
    .js
  • html/js/prototype.js
    .js
  • html/js/scriptaculous.js
    .js
  • html/js/slider.js
    .js
  • html/js/sound.js
    .js
  • html/js/tree.js
    .js
  • html/js/unittest.js
    .js
  • html/static/images/Thumbs.db
  • html/static/images/icon/Thumbs.db
  • html/static/images/setup.jpg
    .jpg
  • htmlayout.dll
    .dll windows:4 windows x86 arch:x86
    Static analysis: Headers, Exports, Sections
  • out.upx
    .dll windows:4 windows x86 arch:x86
    Static analysis: Headers, Sections
  • out.upx
    .exe windows:4 windows x86 arch:x86
    Static analysis: Headers, Sections
  • safeedit.exe.tmp
    .exe windows:4 windows x86 arch:x86
    Static analysis: Code Sign, Headers, Sections
  • shlobj71.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 2a3635438005b443f8b86eb59ec56b48
    Static analysis: Headers, Imports, Exports, Sections
  • sqlite3.dll
    .dll windows:4 windows x86 arch:x86
    MD5: ae203af973724c4f20d47874300ff971
    Static analysis: Headers, Imports, Exports, Sections
  • srcd2.exe
    .exe windows:4 windows x86 arch:x86
    Static analysis: Code Sign, Headers, Sections
  • out.upx
    .exe windows:4 windows x86 arch:x86
    Static analysis: Headers, Sections
  • srcdnoti.exe
    .exe windows:4 windows x86 arch:x86
    Static analysis: Code Sign, Headers, Sections
  • out.upx
    .exe windows:4 windows x86 arch:x86
    Static analysis: Headers, Sections
  • srfc.exe
    .exe windows:4 windows x86 arch:x86
    Static analysis: Code Sign, Headers, Sections
  • srms.exe.tmp
    .exe windows:4 windows x86 arch:x86
    Static analysis: Code Sign, Headers, Sections
  • srpftversion.ini
  • 新云软件.url
    .url