General

  • Target: a4bcb3c43e980a1b6da5ff463ef29fb3_JaffaCakes118
  • Size: 10.5MB
  • MD5: a4bcb3c43e980a1b6da5ff463ef29fb3
  • SHA1: 84dc00c7c8cd82974bb7a9f1429ec88e37d0d867
  • SHA256: 245742d3837977dfad7b671f23dc5ff21363af0906dd880719432cd7ecc494a8
  • SHA512: 70174f084e985f234925515d5924e50120da1a9bb19639a4691c2f463f630a5f35c7ffff7def392a3ff1fa0f8fc6f66b9285e0c7a918146b6e996a0800f56b35
  • SSDEEP: 196608:0YVL4CzU/6UePFJE6GVrzJ4yox3dxNljUEfPVuNjbNVwksXg84ZkOMr:xLJQ/6UebE6sbA3ddHijbNVwksXFF9r

Score

  7/10

Tags

  • upx

Malware Config

  No extracted configuration is shown in the report.
Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with the open-source UPX packer, or with a modified UPX build.

  • Unsigned PE (6 IoCs)

    Checks for a missing Authenticode signature.
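Both signatures above are header checks that can be reproduced without the sandbox. The block below is an added example, not Triage's rule code and not part of this report: a stdlib-only PE header walker that flags UPX section names or the `UPX!` marker, and reports whether the Authenticode security directory is populated. The two PE images are constructed in memory (header-only, not loadable) purely to exercise the checks; the function names `parse_pe`, `scan` and `build_sample_pe` are assumptions of this example.

```python
"""Added example: reproduce the 'UPX packed file' and 'Unsigned PE' checks
from raw PE headers. Pure stdlib, runs offline; not the sandbox's rule code."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # data-directory slot for the Authenticode blob
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin at +96 in a PE32 optional header and at +112 in PE32+.
    if magic == PE32_MAGIC:
        dd = opt + 96
    elif magic == PE32PLUS_MAGIC:
        dd = opt + 112
    else:
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    sec_off, sec_size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + opt_size                  # section table directly follows the optional header
    names = []
    for i in range(nsections):
        raw = struct.unpack_from("8s", data, table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return {"machine": machine, "magic": magic, "security": (sec_off, sec_size), "sections": names}


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX leaves UPX0/UPX1 (sometimes UPX2) section names plus a 'UPX!' marker.
    A modified UPX may rename sections, so the marker is checked across the whole file too."""
    pe = parse_pe(data)
    return any(n.startswith("UPX") for n in pe["sections"]) or b"UPX!" in data


def has_authenticode(data: bytes) -> bool:
    """The security directory is the one directory that stores a raw file offset, not an RVA.
    A zero entry, or one that points past end of file, means no embedded signature."""
    off, size = parse_pe(data)["security"]
    return off != 0 and size != 0 and off + size <= len(data)


def scan(data: bytes) -> dict:
    """Mirror the report's two signature names."""
    return {"UPX packed file": is_upx_packed(data), "Unsigned PE": not has_authenticode(data)}


def build_sample_pe(section_names, signature_blob: bytes = b"") -> bytes:
    """Constructed minimal PE32 (headers only, not runnable) used as test input."""
    header_len = 64 + 4 + 20 + 224 + 40 * len(section_names)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew -> PE signature at 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    if signature_blob:                                          # point the security dir at the appended blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len, len(signature_blob))
    sects = b"".join(struct.pack("<8s32x", n.encode("ascii")) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sects + signature_blob


# Constructed inputs: a UPX-style layout with no signature, and a plain layout with a dummy blob.
PACKED_UNSIGNED = build_sample_pe(["UPX0", "UPX1", ".rsrc"])
PLAIN_SIGNED = build_sample_pe([".text", ".rdata", ".data"], signature_blob=b"\x00" * 64)

if __name__ == "__main__":
    for label, blob in (("packed/unsigned", PACKED_UNSIGNED), ("plain/signed", PLAIN_SIGNED)):
        print(label, scan(blob))
```

Two caveats a practitioner should keep in mind. A populated security directory only shows that a PKCS#7 blob is embedded; whether it validates (hash matches the image, chain builds to a trusted root, timestamp present) needs a real verifier such as `Get-AuthenticodeSignature`, `signtool verify` or `osslsigncode verify`. The UPX test is a string heuristic: a modified UPX that renames its sections and strips the marker evades it, which is why rules of this kind say "UPX/modified UPX", and because the marker scan covers the whole file, a container that merely embeds a UPX-packed payload also matches.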

Files

  Each entry gives the path, the report's type tags, the MD5 the report shows for it (where one is shown) and the detail panels the report exposes (Code Sign, Headers, Imports, Exports, Sections); the panels' contents are not on this page. Skin (.ssf) and dictionary (.scel) names that appear as symbol salad are GBK-encoded Chinese filenames mangled in extraction and are left as rendered. Six PE entries have no Code Sign panel (the five NSIS plug-in DLLs under $PLUGINSDIR, and out.upx), which is also the count of Unsigned PE IoCs above.

  • a4bcb3c43e980a1b6da5ff463ef29fb3_JaffaCakes118
    .rar
  • sogou_pinyin_32.exe
    .exe windows:4 windows x86 arch:x86
    panels: Code Sign, Headers, Sections
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    MD5 b1cd0d78f652ce5fc63f0879371af012; panels: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86
    MD5 9cce555dd3ff1b6c7dc92d64c794c51a; panels: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/SetupLib.dll
    .dll windows:4 windows x86 arch:x86
    MD5 b3c9a37372e7a4370c84b8fe60f294e1; panels: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86
    MD5 7868cd55f358bfb360f9eb8ce1512ca0; panels: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    MD5 4ec328f99bdd944fc98d8a5cf11f7a62; panels: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $SYSDIR/SogouPY.ime~
    .dll windows:4 windows x86 arch:x86
    MD5 c49f8d8beec0bea04f75bb0d15123e53; panels: Code Sign, Headers, Imports, Exports, Sections
  • $_13_/$_15_/Uninstall.exe.nsis
  • $_13_/SogouPY.ime
    .dll windows:4 windows x64 arch:x64
    MD5 4d1bf286c7434338f02bc1c5be2b85e3; panels: Code Sign, Headers, Imports, Exports, Sections
  • $_13_/SogouPY.ime~
    .dll windows:4 windows x64 arch:x64
    MD5 4d1bf286c7434338f02bc1c5be2b85e3; panels: Code Sign, Headers, Imports, Exports, Sections
  • $_15_/AllSkin/2008.ssf
    .zip containing: a1.bmp, a2.bmp, a3.bmp, ban1.bmp, ban2.bmp, ban3.bmp, bar.bmp, cn1.bmp, cn2.bmp, cn3.bmp, cn_biaodian1.bmp, cn_biaodian2.bmp, cn_biaodian3.bmp, en1.bmp, en2.bmp, en3.bmp, en_biaodian1.bmp, en_biaodian2.bmp, en_biaodian3.bmp, key1.bmp, key2.bmp, key3.bmp, menu1.bmp, menu2.bmp, menu3.bmp, pass1.bmp, pass2.bmp, pass3.bmp, passon1.bmp, passon2.bmp, passon3.bmp, quan1.bmp, quan2.bmp, quan3.bmp, skin.ini, skin1.bmp, skin1_1.bmp, skin1_2.bmp, skin2.bmp, skin2_1.bmp, skin2_2.bmp
  • $_15_/AllSkin/ħС.ssf
    .zip containing: a1.bmp, a2.bmp, a3.bmp, ban1.bmp, ban2.bmp, ban3.bmp, bar.bmp (PNG content despite the .bmp extension), cn1.bmp, cn2.bmp, cn3.bmp, cn_biaodian1.bmp, cn_biaodian2.bmp, cn_biaodian3.bmp, en1.bmp, en2.bmp, en3.bmp, en_biaodian1.bmp, en_biaodian2.bmp, en_biaodian3.bmp, key1.bmp, key2.bmp, key3.bmp, menu1.png, menu2.png, menu3.png, pass1.bmp, pass2.bmp, pass3.bmp, passon1.bmp, passon2.bmp, passon3.bmp, quan1.bmp, quan2.bmp, quan3.bmp, skin.ini, skin1.png, skin1_1.png, skin1_2.png, skin2.png, skin2_1.png, skin2_2.png
  • $_15_/AllSkin/ġް.ssf
    .zip containing the same 41 files as 2008.ssf
  • $_15_/AllSkin/-·ڽ.ssf
    .zip containing the same 41 files as 2008.ssf
  • $_15_/AllSkin/-һֻ.ssf
    .zip containing the same 41 files as 2008.ssf
  • $_15_/AllSkin/״̬ĬƤ.ssf
    .zip containing: 1.bmp through 42.bmp (all 42 present), bar.bmp, pass1.bmp, pass2.bmp, pass3.bmp, passon1.bmp, passon2.bmp, passon3.bmp, skin.ini, skin1.bmp, skin1_1.bmp, skin1_2.bmp, skin2.bmp, skin2_1.bmp, skin2_2.bmp
  • $_15_/AllSkin/˹-.ssf
    .zip containing the same 41 files as 2008.ssf
  • $_15_/AllSkin/-͵.ssf
    .zip (no contents listed)
  • $_15_/ConfigMover30b2.exe
    .exe windows:4 windows x86 arch:x86
    MD5 23c66f324e0bfa41a56200360ba3ef41; panels: Code Sign, Headers, Imports, Sections
  • $_15_/Correction.ini
  • $_15_/HWSignature.dll
    .dll windows:4 windows x86 arch:x86
    MD5 3805775f1dde052333909932d791dd7f; panels: Code Sign, Headers, Imports, Exports, Sections
  • $_15_/ImeUtil.exe
    .exe windows:4 windows x86 arch:x86
    MD5 fd7108d9efc9959d041856844d51abd4; panels: Code Sign, Headers, Imports, Sections
  • $_15_/MoHuYin.ini
  • $_15_/PinyinUp.exe
    .exe windows:4 windows x86 arch:x86
    MD5 96bf9c6bdf525b08fa3294bc37fdd4a6; panels: Code Sign, Headers, Imports, Sections
  • $_15_/Punctures.ini
  • $_15_/Resource.dll
    .dll windows:4 windows x86 arch:x86
    panels: Code Sign, Headers, Sections
  • $_15_/ScdMaker.exe
    .exe windows:4 windows x86 arch:x86
    MD5 067764c3853eb409bf3c4675424ff2bd; panels: Code Sign, Headers, Imports, Sections
  • $_15_/ScdReg.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f170a63397f81601bd8515beb2130827; panels: Code Sign, Headers, Imports, Sections
  • $_15_/ScdViewer.exe
    .exe windows:4 windows x86 arch:x86
    MD5 a92365d86536963435c25c8a759bcab7; panels: Code Sign, Headers, Imports, Sections
  • $_15_/ShuangPinSchemes/ABC.ini
  • $_15_/ShuangPinSchemes/MS2003.ini
  • $_15_/ShuangPinSchemes/PinyinJiaJia.ini
  • $_15_/ShuangPinSchemes/Sogou.ini
  • $_15_/ShuangPinSchemes/ZiGuang.ini
  • $_15_/ShuangPinSchemes/ZiRanMa.ini
  • $_15_/SkinReg.exe
    .exe windows:4 windows x86 arch:x86
    MD5 46af7c1083244e8df5f4d5377597cda4; panels: Code Sign, Headers, Imports, Sections
  • $_15_/SogouTSF.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5 eeaf1cf892d8e72dc6f6ddfd02e103df; panels: Code Sign, Headers, Imports, Exports, Sections
  • $_15_/SpeedMeter.exe
    .exe windows:4 windows x86 arch:x86
    MD5 2c841c3a182b5811a30bc2ff8baeca02; panels: Code Sign, Headers, Imports, Sections
  • $_15_/UserPage.exe
    .exe windows:4 windows x86 arch:x86
    MD5 a6c0a42312bcc55726bf76cc11b7a443; panels: Code Sign, Headers, Imports, Sections
  • $_15_/UsrDictUtil.exe
    .exe windows:4 windows x86 arch:x86
    MD5 656cf0927c302167b6b24689fd2f911e; panels: Code Sign, Headers, Imports, Sections
  • $_15_/ZipLib.dll
    .dll windows:4 windows x86 arch:x86
    MD5 e9e3e889eb611f82d8248013645538e5; panels: Code Sign, Headers, Imports, Exports, Sections
  • $_15_/ZipLib64.dll
    .dll windows:4 windows x64 arch:x64
    MD5 fa927be1c435e2c38f47299546ad6174; panels: Code Sign, Headers, Imports, Exports, Sections
  • $_15_/config.exe
    .exe windows:4 windows x86 arch:x86
    MD5 b1ad19ecc547f132b4c1eff95c0ff412; panels: Code Sign, Headers, Imports, Sections
  • $_15_/phrases.ini
  • $_15_/scd/ʫ.scel
  • $_15_/scd/¸top180.scel
  • $_15_/scd/δʾѡ.scel
  • $_15_/scd/йƱ.scel
  • $_15_/scd/ʫ300.scel
  • $_15_/scd/´.scel
  • $_15_/scdlist.ini
  • $_15_/sgim_annex.bin
  • $_15_/sgim_bigram.bin
  • $_15_/sgim_hz.bin
  • $_15_/sgim_py.bin
  • $_15_/sgim_pytip.bin
  • $_15_/sgim_sys.bin
  • $_15_/sgim_tra.bin
  • $_15_/sgim_url.bin
  • $_15_/userNetSchedule.exe
    .exe windows:4 windows x86 arch:x86
    MD5 af6a54dd6e7700b73d9ad74f87378feb; panels: Code Sign, Headers, Imports, Sections
  • $_16_/FC_Puncture.exe
    .exe windows:4 windows x86 arch:x86
    MD5 6b8f56a335d293a742c9f70b59366edd; panels: Code Sign, Headers, Imports, Sections
  • $_16_/Install.exe
    .exe windows:4 windows x86 arch:x86
    MD5 bf82389bbbfcf3aa478cb35ce5176cde; panels: Code Sign, Headers, Imports, Sections
  • $_16_/check.exe
    .exe windows:4 windows x86 arch:x86
    MD5 a700d2b44e57167a082b1ea05b531095; panels: Code Sign, Headers, Imports, Sections
  • $_19_/SogouPy.ime
    .dll windows:4 windows x86 arch:x86
    MD5 c49f8d8beec0bea04f75bb0d15123e53; panels: Code Sign, Headers, Imports, Exports, Sections
  • AllSkin/tmp/2008.ssf
    .zip
  • AllSkin/tmp/ħС.ssf
    .zip
  • AllSkin/tmp/ġް.ssf
    .zip
  • AllSkin/tmp/-·ڽ.ssf
    .zip
  • AllSkin/tmp/-һֻ.ssf
    .zip
  • AllSkin/tmp/״̬ĬƤ.ssf
    .zip
  • AllSkin/tmp/˹-.ssf
    .zip
  • AllSkin/tmp/-͵.ssf
    .zip
  • InstTemp/ConfigMover30b2.exe
    .exe windows:4 windows x86 arch:x86
    MD5 23c66f324e0bfa41a56200360ba3ef41; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/HWSignature.dll
    .dll windows:4 windows x86 arch:x86
    MD5 3805775f1dde052333909932d791dd7f; panels: Code Sign, Headers, Imports, Exports, Sections
  • InstTemp/ImeUtil.exe
    .exe windows:4 windows x86 arch:x86
    MD5 fd7108d9efc9959d041856844d51abd4; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/PinyinUp.exe
    .exe windows:4 windows x86 arch:x86
    MD5 96bf9c6bdf525b08fa3294bc37fdd4a6; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/Plugin/SgImeWord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 8cad4704ce22f5301f6c61ec14895ca8; panels: Code Sign, Headers, Imports, Exports, Sections
  • InstTemp/Plugin/SgImeWord64.dll
    .dll windows:4 windows x64 arch:x64
    MD5 7d6cc627ddd88bb160fc8dfaa92b1e87; panels: Code Sign, Headers, Imports, Exports, Sections
  • InstTemp/Resource.dll
    .dll windows:4 windows x86 arch:x86
    panels: Code Sign, Headers, Sections
  • InstTemp/ScdMaker.exe
    .exe windows:4 windows x86 arch:x86
    MD5 067764c3853eb409bf3c4675424ff2bd; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/ScdReg.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f170a63397f81601bd8515beb2130827; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/ScdViewer.exe
    .exe windows:4 windows x86 arch:x86
    MD5 a92365d86536963435c25c8a759bcab7; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/SkinReg.exe
    .exe windows:4 windows x86 arch:x86
    MD5 46af7c1083244e8df5f4d5377597cda4; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/SogouTSF.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5 eeaf1cf892d8e72dc6f6ddfd02e103df; panels: Code Sign, Headers, Imports, Exports, Sections
  • InstTemp/SpeedMeter.exe
    .exe windows:4 windows x86 arch:x86
    MD5 2c841c3a182b5811a30bc2ff8baeca02; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/UserPage.exe
    .exe windows:4 windows x86 arch:x86
    MD5 a6c0a42312bcc55726bf76cc11b7a443; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/UsrDictUtil.exe
    .exe windows:4 windows x86 arch:x86
    MD5 656cf0927c302167b6b24689fd2f911e; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/ZipLib.dll
    .dll windows:4 windows x86 arch:x86
    MD5 e9e3e889eb611f82d8248013645538e5; panels: Code Sign, Headers, Imports, Exports, Sections
  • InstTemp/ZipLib64.dll
    .dll windows:4 windows x64 arch:x64
    MD5 fa927be1c435e2c38f47299546ad6174; panels: Code Sign, Headers, Imports, Exports, Sections
  • InstTemp/config.exe
    .exe windows:4 windows x86 arch:x86
    MD5 b1ad19ecc547f132b4c1eff95c0ff412; panels: Code Sign, Headers, Imports, Sections
  • InstTemp/sgim_annex.bin
  • InstTemp/sgim_bigram.bin
  • InstTemp/sgim_hz.bin
  • InstTemp/sgim_py.bin
  • InstTemp/sgim_pytip.bin
  • InstTemp/sgim_sys.bin
  • InstTemp/sgim_tra.bin
  • InstTemp/sgim_url.bin
  • InstTemp/userNetSchedule.exe
    .exe windows:4 windows x86 arch:x86
    MD5 af6a54dd6e7700b73d9ad74f87378feb; panels: Code Sign, Headers, Imports, Sections
  • Plugin/SgImeWord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 8cad4704ce22f5301f6c61ec14895ca8; panels: Code Sign, Headers, Imports, Exports, Sections
  • Plugin/SgImeWord64.dll
    .dll windows:4 windows x64 arch:x64
    MD5 7d6cc627ddd88bb160fc8dfaa92b1e87; panels: Code Sign, Headers, Imports, Exports, Sections
  • ShuangPinSchemes/ABC.ini
  • ShuangPinSchemes/MS2003.ini
  • ShuangPinSchemes/PinyinJiaJia.ini
  • ShuangPinSchemes/Sogou.ini
  • ShuangPinSchemes/ZiGuang.ini
  • ShuangPinSchemes/ZiRanMa.ini
  • out.upx
    .exe windows:4 windows x86 arch:x86
    panels: Headers, Sections
  • scd/ʫ.scel
  • scd/¸top180.scel
  • scd/δʾѡ.scel
  • scd/йƱ.scel
  • scd/ʫ300.scel
  • scd/´.scel
  • scdlist.ini
  • 新云软件.url
    .url (Internet shortcut; the name reads "Xinyun Software")