General

  • Target

    a8c294cf9f83935d1f883b70800a40b0_JaffaCakes118

  • Size

    4.0MB

  • MD5

    a8c294cf9f83935d1f883b70800a40b0

  • SHA1

    dd9bed9fd54dc41211cd0e1600733fe6492b48c4

  • SHA256

    e86aa01931385f00239193d21191b0cc8677782f496a2ebe02185f36b53b9b1f

  • SHA512

    161bab18cbbcf25137a8da417ea436eec29ef3be3f38a0c441584802af3525b1b72bf742820e9b46165d14879fc33fce29efe1554cf23a382f1f04e1ac11647a

  • SSDEEP

    98304:DDN66qdV6bK4ioKGVDWRTNGHuqTKVLzMxEfBNymmz:97qOPdVuTNGH6VsxcnymQ

Score
3/10

Malware Config

Signatures

  • Unsigned PE (35 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (10 IoCs)

Files

  • a8c294cf9f83935d1f883b70800a40b0_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012

  • $PLUGINSDIR/MobilewitchAcPro.exe
    .exe windows:1 windows x86 arch:x86

  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    54317f9e35e039c28fdb421cf518703e

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsProcess.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664

  • $PLUGINSDIR/setup.ini
  • $PLUGINSDIR/webscout.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0

  • $PLUGINSDIR/CabDLL.dll
    .dll windows:5 windows x86 arch:x86

    a92f68e8c1cab2d35417d48fbcffff27

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    153027ec3b10bcea606b777657dd3402

  • $PLUGINSDIR/NSISpcre.dll
    .dll windows:4 windows x86 arch:x86

    3efd46aba10b2e88f0bd15c6467e81ad

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b

  • $PLUGINSDIR/icon_house.bmp
  • $PLUGINSDIR/icon_magnifier.bmp
  • $PLUGINSDIR/icon_money.bmp
  • $PLUGINSDIR/license.rtf
    .rtf
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80

  • $PLUGINSDIR/nsUnzip.dll
    .dll windows:4 windows x86 arch:x86

    f61b492d16b51856da71c9a124fee190

  • $PROGRAMFILES/$R9/install.ico
  • $TEMP/$_14_
    .zip
  • chrome.manifest
  • chrome/content/somoto/1.png
    .png
  • chrome/content/somoto/10.png
    .png
  • chrome/content/somoto/11.png
    .png
  • chrome/content/somoto/12.png
    .png
  • chrome/content/somoto/13.png
    .png
  • chrome/content/somoto/14.png
    .png
  • chrome/content/somoto/15.png
    .png
  • chrome/content/somoto/16.png
    .png
  • chrome/content/somoto/17.png
    .png
  • chrome/content/somoto/18.png
    .png
  • chrome/content/somoto/19.png
    .png
  • chrome/content/somoto/2.png
    .png
  • chrome/content/somoto/20.png
    .png
  • chrome/content/somoto/21.png
    .png
  • chrome/content/somoto/22.png
    .png
  • chrome/content/somoto/23.png
    .png
  • chrome/content/somoto/24.png
    .png
  • chrome/content/somoto/25.png
    .png
  • chrome/content/somoto/26.png
    .png
  • chrome/content/somoto/27.png
    .png
  • chrome/content/somoto/28.png
    .png
  • chrome/content/somoto/29.png
    .png
  • chrome/content/somoto/3.png
    .png
  • chrome/content/somoto/30.png
    .png
  • chrome/content/somoto/31.png
    .png
  • chrome/content/somoto/32.png
    .png
  • chrome/content/somoto/33.png
    .png
  • chrome/content/somoto/34.png
    .png
  • chrome/content/somoto/35.png
    .png
  • chrome/content/somoto/36.png
    .png
  • chrome/content/somoto/37.png
    .png
  • chrome/content/somoto/38.png
    .png
  • chrome/content/somoto/39.png
    .png
  • chrome/content/somoto/4.png
    .png
  • chrome/content/somoto/40.png
    .png
  • chrome/content/somoto/41.png
    .png
  • chrome/content/somoto/42.png
    .png
  • chrome/content/somoto/43.png
    .png
  • chrome/content/somoto/44.png
    .png
  • chrome/content/somoto/45.png
    .png
  • chrome/content/somoto/46.png
    .png
  • chrome/content/somoto/47.png
    .png
  • chrome/content/somoto/48.png
    .png
  • chrome/content/somoto/49.png
    .png
  • chrome/content/somoto/5.png
    .png
  • chrome/content/somoto/50.png
    .png
  • chrome/content/somoto/51.png
    .png
  • chrome/content/somoto/52.png
    .png
  • chrome/content/somoto/53.png
    .png
  • chrome/content/somoto/54.png
    .png
  • chrome/content/somoto/55.png
    .png
  • chrome/content/somoto/56.png
    .png
  • chrome/content/somoto/57.png
    .png
  • chrome/content/somoto/6.png
    .png
  • chrome/content/somoto/7.png
    .png
  • chrome/content/somoto/8.png
    .png
  • chrome/content/somoto/9.png
    .png
  • chrome/content/somoto/affid.dat
  • chrome/content/somoto/basis.xml
    .xml
  • chrome/content/somoto/bubble.js
    .js
  • chrome/content/somoto/bubble.xul
    .xml
  • chrome/content/somoto/colorpicker.htm
    .html .js polyglot
  • chrome/content/somoto/contents.rdf
    .xml
  • chrome/content/somoto/icons.png
    .png
  • chrome/content/somoto/info.txt
  • chrome/content/somoto/jscontainer.htm
    .html
  • chrome/content/somoto/mbback.png
    .png
  • chrome/content/somoto/mbbigopen.png
    .png
  • chrome/content/somoto/mbclose.png
    .png
  • chrome/content/somoto/mbfwd.png
    .png
  • chrome/content/somoto/mbsep.png
    .png
  • chrome/content/somoto/md5.js
    .js
  • chrome/content/somoto/mozilla.xul
    .xml
  • chrome/content/somoto/mymenuitem.xml
    .xml
  • chrome/content/somoto/nav1c.png
    .png
  • chrome/content/somoto/options.js
    .js
  • chrome/content/somoto/options.xul
    .xml
  • chrome/content/somoto/separator.png
    .png
  • chrome/content/somoto/tb.css
  • chrome/content/somoto/tb.js
    .js
  • chrome/content/somoto/tb.xsl
    .xml
  • chrome/content/somoto/tb.xul
    .xml
  • chrome/content/somoto/tbcore3.inf
  • chrome/content/somoto/version.txt
  • install.rdf
    .xml
  • $TEMP/ietb.cab
    .cab
  • CustomTabPage.dll
    .dll windows:5 windows x86 arch:x86

    b36f915ffa0b6b796298e97d95e56923

  • KeywordsPlugin.dll
    .dll windows:5 windows x86 arch:x86

    c62b2d36c8b26beaad60f0c48043be49

  • MacroParserPlugin.dll
    .dll windows:5 windows x86 arch:x86

    b88efe81daff4f224a32db7d23838684

  • TbCommonUtils.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    9a7e5a5b2eca9091359ea0a5999f7447

  • TbHelper2.exe
    .exe windows:5 windows x86 arch:x86

    2c1fdd33325b2ffeb03bf7d1ce3d71a5

  • affid.dat
  • alert_plugin.dll
    .dll windows:5 windows x86 arch:x86

    75128c731a192000505d6a6e51d67b92

  • basis.xml
    .xml
  • icons.bmp
  • info.txt
  • mbback.bmp
  • mbbigopen.bmp
  • mbclose.bmp
  • mbfwd.bmp
  • mbsep.bmp
  • nav1c.bmp
  • somoto.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    32af71368cbdf173ab04d242843ebffe

  • tbcore3.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    788cc25802e25f78056161add2467ce9

  • tbcore3.inf
  • tbhelper.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    ffdd8426c653b47a5b3f1bbbf3b8c377

  • uninstall.exe
    .exe windows:5 windows x86 arch:x86

    9e0fe6f614a50f094b2db57caf915b2f

  • update.exe
    .exe windows:5 windows x86 arch:x86

    ec780198c29826820c6f49f3117d72ad

  • version.txt
  • $TEMP/somoto_chrome.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e

  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc

  • $PLUGINSDIR/nsProcess.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664

  • $PLUGINSDIR/nsUnzip.dll
    .dll windows:4 windows x86 arch:x86

    f61b492d16b51856da71c9a124fee190

  • Uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e

  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc

  • $PLUGINSDIR/nsProcess.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664

  • chrome_installer.js
    .js
  • install.json
  • somoto.crx
    .zip
  • .svn/all-wcprops
  • .svn/entries
  • .svn/text-base/background.html.svn-base
  • .svn/text-base/cached_http_request.js.svn-base
    .js
  • .svn/text-base/extension_info.json.svn-base
  • .svn/text-base/main.js.svn-base
    .js
  • .svn/text-base/manifest.json.svn-base
  • .svn/text-base/popup.html.svn-base
  • .svn/text-base/popup.js.svn-base
    .js
  • .svn/text-base/tab.html.svn-base
  • .svn/text-base/tab.js.svn-base
    .js
  • background.html
  • cached_http_request.js
    .js
  • extension_info.json
  • icons/.svn/all-wcprops
  • icons/.svn/entries
  • icons/.svn/prop-base/icon128.png.svn-base
  • icons/.svn/prop-base/icon19.png.svn-base
  • icons/.svn/prop-base/icon32.png.svn-base
  • icons/.svn/prop-base/icon48.png.svn-base
  • icons/.svn/text-base/icon128.png.svn-base
    .png
  • icons/.svn/text-base/icon19.png.svn-base
    .png
  • icons/.svn/text-base/icon32.png.svn-base
    .png
  • icons/.svn/text-base/icon48.png.svn-base
    .png
  • icons/icon128.png
    .png
  • icons/icon19.png
    .png
  • icons/icon32.png
    .png
  • icons/icon48.png
    .png
  • includes/.svn/all-wcprops
  • includes/.svn/entries
  • includes/.svn/text-base/content.js.svn-base
  • includes/.svn/text-base/content_kango.js.svn-base
    .js
  • includes/.svn/text-base/content_messaging.js.svn-base
    .js
  • includes/.svn/text-base/content_userscript.js.svn-base
    .js
  • includes/content.js
  • includes/content_kango.js
    .js
  • includes/content_messaging.js
    .js
  • includes/content_userscript.js
    .js
  • kango-ui/.svn/all-wcprops
  • kango-ui/.svn/entries
  • kango-ui/.svn/text-base/button.js.svn-base
    .js
  • kango-ui/.svn/text-base/ui.js.svn-base
  • kango-ui/button.js
    .js
  • kango-ui/ui.js
  • kango/.svn/all-wcprops
  • kango/.svn/entries
  • kango/.svn/text-base/browser.js.svn-base
    .js
  • kango/.svn/text-base/console.js.svn-base
  • kango/.svn/text-base/event_listener.js.svn-base
  • kango/.svn/text-base/initialize.js.svn-base
    .js
  • kango/.svn/text-base/io.js.svn-base
    .js
  • kango/.svn/text-base/jsonstorage.js.svn-base
    .js
  • kango/.svn/text-base/kango.js.svn-base
    .js
  • kango/.svn/text-base/lang.js.svn-base
    .js
  • kango/.svn/text-base/messaging.js.svn-base
    .js
  • kango/.svn/text-base/userscript_engine.js.svn-base
    .js
  • kango/.svn/text-base/xhr.js.svn-base
    .js
  • kango/browser.js
    .js
  • kango/console.js
  • kango/event_listener.js
  • kango/initialize.js
    .js
  • kango/io.js
    .js
  • kango/jsonstorage.js
    .js
  • kango/kango.js
    .js
  • kango/lang.js
    .js
  • kango/messaging.js
    .js
  • kango/userscript_engine.js
    .js
  • kango/xhr.js
    .js
  • main.js
    .js
  • manifest.json
  • popup.html
  • popup.js
    .js
  • somoto/.svn/all-wcprops
  • somoto/.svn/entries
  • somoto/.svn/text-base/actions.js.svn-base
    .js
  • somoto/.svn/text-base/cachedxhr.js.svn-base
  • somoto/.svn/text-base/config.js.svn-base
    .js
  • somoto/.svn/text-base/macros.js.svn-base
    .js
  • somoto/.svn/text-base/somoto.js.svn-base
    .js
  • somoto/actions.js
    .js
  • somoto/cachedxhr.js
  • somoto/config.js
    .js
  • somoto/config.json
  • somoto/macros.js
    .js
  • somoto/somoto.js
    .js
  • tab.html
  • tab.js
    .js
  • sqlite3.exe
    .exe windows:4 windows x86 arch:x86

    146d733fc6865bded0562df01afedbdb

  • UninstallToolbar.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    153027ec3b10bcea606b777657dd3402

  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    5bdcdde5acd7b395f3f3d19ebbb8c6cd

  • $PLUGINSDIR/modern-header.bmp
  • icon.ico
  • SkinMagic.dll
    .dll windows:4 windows x86 arch:x86

    73311293c21223a65c49aac91966fa84

  • packet.dll
    .dll windows:4 windows x86 arch:x86

    dc8c0d40b34348cdabb47af1cd619332

  • skin.smf
  • uTorrent Turbo Accelerator.exe
    .exe windows:5 windows x86 arch:x86

    0ee20ca7190b18c298fa44c164e5a390

  • uninstall.exe.nsis