Overview

Tabs (numeric badge as it appears on the page):
- 6 Static
- 3 Ci_Util.exe (windows7-x64)
- 3 Ci_Util.exe (windows10-2004-x64)
- 3 ColorBar.exe (windows7-x64)
- 6 ColorBar.exe (windows10-2004-x64)
- 3 ColorImpact.chm (windows7-x64)
- 1 ColorImpact.chm (windows10-2004-x64)
- 1 ColorImpact.exe (windows7-x64)
- 6 ColorImpact.exe (windows10-2004-x64)
- 3 ColorImpact.url (windows7-x64)
- 6 ColorImpact.url (windows10-2004-x64)
- 3 Configurat...2.html (windows7-x64)
- 3 Configurat...2.html (windows10-2004-x64)
- 3 Help.url (windows7-x64)
- 6 Help.url (windows10-2004-x64)
- 6 QuickPalette.exe (windows7-x64)
- 6 QuickPalette.exe (windows10-2004-x64)
- 6 ReadMe.htm (windows7-x64)
- 3 ReadMe.htm (windows10-2004-x64)
Tasks
- Static task: static1
- Behavioral task behavioral1: Sample Ci_Util.exe, Resource win7-20240705-en
- Behavioral task behavioral2: Sample Ci_Util.exe, Resource win10v2004-20240802-en
- Behavioral task behavioral3: Sample ColorBar.exe, Resource win7-20240708-en
- Behavioral task behavioral4: Sample ColorBar.exe, Resource win10v2004-20240802-en
- Behavioral task behavioral5: Sample ColorImpact.chm, Resource win7-20240708-en
- Behavioral task behavioral6: Sample ColorImpact.chm, Resource win10v2004-20240802-en
- Behavioral task behavioral7: Sample ColorImpact.exe, Resource win7-20240705-en
- Behavioral task behavioral8: Sample ColorImpact.exe, Resource win10v2004-20240802-en
- Behavioral task behavioral9: Sample ColorImpact.url, Resource win7-20240704-en
- Behavioral task behavioral10: Sample ColorImpact.url, Resource win10v2004-20240802-en
- Behavioral task behavioral11: Sample Configuration/SpecSheet2.html, Resource win7-20240708-en
- Behavioral task behavioral12: Sample Configuration/SpecSheet2.html, Resource win10v2004-20240802-en
- Behavioral task behavioral13: Sample Help.url, Resource win7-20240705-en
- Behavioral task behavioral14: Sample Help.url, Resource win10v2004-20240802-en
- Behavioral task behavioral15: Sample QuickPalette.exe, Resource win7-20240704-en
- Behavioral task behavioral16: Sample QuickPalette.exe, Resource win10v2004-20240802-en
- Behavioral task behavioral17: Sample ReadMe.htm, Resource win7-20240705-en
- Behavioral task behavioral18: Sample ReadMe.htm, Resource win10v2004-20240802-en
General
- Target: 8767e2cb3f65d65d822ccb9d1a8d8677_JaffaCakes118
- Size: 4.0MB
- MD5: 8767e2cb3f65d65d822ccb9d1a8d8677
- SHA1: caa01a3cee6aa7fab8193ed56b4501403282ad12
- SHA256: 23811cd49b71175f8f57c6d4cd0c87e46f2c5ec4536da0218d1fa07241e74a15
- SHA512: e901cf9bd91da746941f0ff97b2016e8a668755b181881b98d273a30f348dcde16859fa0942ef4bb17df839be2b85bd250675d8afb84cba05c49cad7a786fa21
- SSDEEP: 98304:Q+fbKU9nu1m1bImqj68UDmxqEJBYEqlIq8oQ48PZZmiSH14M:Q+KU9FZIUD/EilQFPZ8iUJ
Malware Config

Signatures
- Unsigned PE (4 IoCs): Checks for missing Authenticode signature.
  resource: unpack001/Ci_Util.exe, unpack001/ColorBar.exe, unpack001/ColorImpact.exe, unpack001/QuickPalette.exe
Files
- 8767e2cb3f65d65d822ccb9d1a8d8677_JaffaCakes118.rar
- AITEMPLATE
- Ci_Util.exe.exe windows:4 windows x86 arch:x86
  Headers, File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI
  Sections:
    CODE   | Size: 381KB - Virtual size: 380KB | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    DATA   | Size: 4KB - Virtual size: 4KB     | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    BSS    | Size: - Virtual size: 3KB         | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .idata | Size: 9KB - Virtual size: 8KB     | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .tls   | Size: - Virtual size: 16B         | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rdata | Size: 512B - Virtual size: 24B    | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc | Size: 26KB - Virtual size: 26KB   | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .rsrc  | Size: 133KB - Virtual size: 133KB | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- ColorBar.exe.exe windows:4 windows x86 arch:x86
  Headers, File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI
  Sections (every section carries IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE):
    (unnamed) | Size: 380KB - Virtual size: 988KB
    (unnamed) | Size: 12KB - Virtual size: 28KB
    (unnamed) | Size: - Virtual size: 8KB
    (unnamed) | Size: 11KB - Virtual size: 12KB
    (unnamed) | Size: - Virtual size: 4KB
    (unnamed) | Size: 512B - Virtual size: 4KB
    (unnamed) | Size: - Virtual size: 64KB
    .rsrc     | Size: 18KB - Virtual size: 48KB
    .data     | Size: 161KB - Virtual size: 164KB
    .adata    | Size: - Virtual size: 4KB
- ColorImpact.chm.chm
- ColorImpact.exe.exe windows:4 windows x86 arch:x86
  Headers, File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI
  Sections (every section carries IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE):
    (unnamed) | Size: 775KB - Virtual size: 2.2MB
    (unnamed) | Size: 63KB - Virtual size: 104KB
    (unnamed) | Size: - Virtual size: 8KB
    (unnamed) | Size: 12KB - Virtual size: 16KB
    (unnamed) | Size: - Virtual size: 4KB
    (unnamed) | Size: 512B - Virtual size: 4KB
    (unnamed) | Size: - Virtual size: 144KB
    .rsrc     | Size: 385KB - Virtual size: 2.5MB
    .data     | Size: 168KB - Virtual size: 172KB
    .adata    | Size: - Virtual size: 4KB
- ColorImpact.url
- Configuration/DefaultFormulas.cff.xml
- Configuration/Formulas.cff.xml
- Configuration/History.chf.xml
- Configuration/SpecSheet1.tpl
- Configuration/SpecSheet2.tpl.html
- Configuration/Tips.xml
- Configuration/下载说明.htm.html .js polyglot
- Configuration/安装说明.txt
- Help.url
- Palettes/ArtistsColorWheel/RYB_bright.cif.xml
- Palettes/ArtistsColorWheel/RYB_dark.cif.xml
- Palettes/ArtistsColorWheel/RYB_dull.cif.xml
- Palettes/ArtistsColorWheel/RYB_light.cif.xml
- Palettes/BlueGreen.cif.xml
- Palettes/CompleteWebsites/Innovative.cif.xml
- Palettes/CompleteWebsites/Powerful.cif.xml
- Palettes/CompleteWebsites/Professional.cif.xml
- Palettes/Green.cif.xml
- Palettes/Purple.cif.xml
- Palettes/RedBeige.cif.xml
- Palettes/RedBrown.cif.xml
- Palettes/下载说明.htm.html .js polyglot
- QuickPalette.exe.exe windows:4 windows x86 arch:x86
  Headers, File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI
  Sections (every section carries IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE):
    (unnamed) | Size: 334KB - Virtual size: 844KB
    (unnamed) | Size: 11KB - Virtual size: 28KB
    (unnamed) | Size: - Virtual size: 8KB
    (unnamed) | Size: 11KB - Virtual size: 12KB
    (unnamed) | Size: - Virtual size: 4KB
    (unnamed) | Size: 512B - Virtual size: 4KB
    (unnamed) | Size: - Virtual size: 52KB
    .rsrc     | Size: 17KB - Virtual size: 64KB
    .data     | Size: 179KB - Virtual size: 180KB
    .adata    | Size: - Virtual size: 4KB
- ReadMe.htm.html
- Templates/AssignColor.gif.gif
- Templates/BaseColor.gif.gif
- Templates/BottomBar.swf
- Templates/Business.jpg.jpg
- Templates/BusinessMan.swf
- Templates/CI_Testpat_02.swf
- Templates/CI_Testpat_02.tpl
- Templates/CI_std_01.cff.xml
- Templates/CI_std_01.cst
- Templates/CI_std_01.tpl
- Templates/CI_std_02.cff.xml
- Templates/CI_std_02.cst
- Templates/CI_std_02.tpl
- Templates/CI_std_03.cff.xml
- Templates/CI_std_03.cst
- Templates/CI_std_03.tpl
- Templates/CI_testpat_01.cff.xml
- Templates/CI_testpat_01.swf
- Templates/CI_testpat_01.tpl
- Templates/CI_testpat_02.cff.xml
- Templates/CI_testpat_03.cff.xml
- Templates/CI_testpat_03.tpl
- Templates/DynamicColors.swf
- Templates/Fashion.swf
- Templates/FlowerPattern.cff.xml
- Templates/FlowerPattern.swf
- Templates/FlowerPattern.tpl
- Templates/Formula.gif.gif
- Templates/Mountains.jpg.jpg
- Templates/SPC.GIF.gif
- Templates/TopBar.swf
- Templates/WelcomeHd.swf
- Templates/_welcome.cff.xml
- Templates/_welcome.cst
- Templates/_welcome.tpl
- Templates/下载说明.htm.html .js polyglot
- Uninstall/IRIMG1.JPG.jpg
- Uninstall/IRIMG2.JPG.jpg
- Uninstall/uninstall.dat
- Uninstall/uninstall.xml
- Uninstall/下载说明.htm.html .js polyglot
- 下载说明.htm.html .js polyglot
- 汉化说明.txt