General

  • Target

    cf96127b85269267a86331e9baf51e08_JaffaCakes118

  • Size

    2.0MB

  • MD5

    cf96127b85269267a86331e9baf51e08

  • SHA1

    dd49961be14e43e441c8e6c6de2ae78edf0808b1

  • SHA256

    be7164f4d0ebf73ce0d8169094624dff31344c0f01e380acba11452c89981176

  • SHA512

    05e3a32ec08203a5c2011180b6bbb3c5b6be1d50ad157460b75bac1cdbfd05aa03e89da58837e41f38b959b20041f0daa0884364631751b48e32a2f13b83cdfa

  • SSDEEP

    49152:v/g1iM18AzUqBuHStZZMLoHsgyWEXV+hTLAsrn:vYNFUVH2ZMLoHUWEXVCTssrn

Score
3/10

Signatures

  • Unsigned PE (17 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (3 IoCs)

Files

  • cf96127b85269267a86331e9baf51e08_JaffaCakes118
    .rar
  • mcombocn.exe
    .exe windows:4 windows x86 arch:x86

    55f3dfd13c0557d3e32bcbc604441dd3

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    946eb0a1e85c9ade4acaf634eb5a64f1

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMP/aList.xml
    .xml
  • $TEMP/m2s_cn.exe
    .exe windows:4 windows x86 arch:x86

    9c523d8653da5455667e3f82274f2f88

  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86

    a98c2d2530d8a83f19de59b3c844ca6c

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMP/nList.xml
    .xml
  • $TEMP/pList.xml
    .xml
  • $TEMP/sList.xml
  • Config/blacklist.htm
    .html .js polyglot
  • Config/blocked.wav
  • Config/default.ini
  • Config/downloadmgr.ini
    .js
  • Config/empty.swf
  • Config/plugins.ini
  • Groups/.cgp
  • Language/Chinese Traditional/DefaultSetup.ini
  • Language/Chinese Traditional/GOHELP.HTM
    .html
  • Language/Chinese Traditional/LANGUAGE.INI
  • Language/Chinese Traditional/RESOURCE.HTM
    .html .js polyglot
  • Language/Chinese Traditional/SEARCH.HTM
    .html .js polyglot
  • Language/Chinese Traditional/SearchBar.ini
    .js
  • Language/Chinese Traditional/TIPS.TXT
  • Language/Chinese Traditional/URLLIST.HTM
    .html .js polyglot
  • Language/Chinese/DefaultSetup.ini
  • Language/Chinese/DefaultSetup.ini.bak
  • Language/Chinese/gohelp.htm
    .html
  • Language/Chinese/gohelp.htm.bak
    .html
  • Language/Chinese/language.ini
  • Language/Chinese/resource.htm
    .html
  • Language/Chinese/rss.ini
  • Language/Chinese/search.htm
    .html .js polyglot
  • Language/Chinese/search.htm.bak
    .html .js polyglot
  • Language/Chinese/searchbar.ini
  • Language/Chinese/tips.dat
  • Language/Chinese/urllist.htm
    .html .js polyglot
  • Language/English/DefaultSetup.ini
  • Language/English/SearchBar.ini
    .js
  • Language/English/gohelp.htm
    .html
  • Language/English/language.ini
  • Language/English/resource.htm
    .html
  • Language/English/rss.ini
  • Language/English/search.htm
    .html
  • Language/English/tips.txt
  • Language/English/urllist.htm
    .html .js polyglot
  • License.txt
  • MaxUpdate.exe
    .exe windows:4 windows x86 arch:x86

    50756c99fcec593eef970562dc5b92bb

  • Maxthon.exe
    .exe windows:4 windows x86 arch:x86

    5df5cd1feba74425c7767d47204d016b

  • MaxthonUINST.exe
    .exe windows:4 windows x86 arch:x86

    55f3dfd13c0557d3e32bcbc604441dd3

  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86

    a98c2d2530d8a83f19de59b3c844ca6c

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62

  • $PLUGINSDIR/report_cn.ini
  • $PLUGINSDIR/un.recommand_cn.ini
  • Plugin/BuySearch/1.html
    .html
  • Plugin/BuySearch/m.ico
  • Plugin/BuySearch/plugin.ini
  • Plugin/EnableRightClick/EnableRightClick.htm
    .html .js polyglot
  • Plugin/EnableRightClick/invert.htm
    .html .js polyglot
  • Plugin/EnableRightClick/plugin.ini
  • Plugin/EnableRightClick/rc.ico
  • Plugin/EnableRightClick/rightclick.ico
  • Plugin/EnableRightClick/rightclick2.ico
  • Plugin/EnableRightClick/subfiles.nfo
  • Plugin/FlashSave/FlashSave.html
    .html .js polyglot
  • Plugin/FlashSave/cold.ico
  • Plugin/FlashSave/hot.ico
  • Plugin/FlashSave/plugin.ini
  • Plugin/FloatBar/FloatBar.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    2d1db46406901b96596e971843804268

  • Plugin/FloatBar/ReadMe.txt
  • Plugin/FloatBar/plugin.ini
  • Plugin/FloatBar/tempfile.html
    .html
  • Plugin/FloatBar/.txt
  • Plugin/Plugins-HowTo.htm
    .html
  • Plugin/ViewPage/Css/MyIE2HOME.css
  • Plugin/ViewPage/Css/darkness.css
  • Plugin/ViewPage/Css/webfx.css
  • Plugin/ViewPage/Css/winclassic.css
  • Plugin/ViewPage/Noname1.htm
    .html .js polyglot
  • Plugin/ViewPage/ViewPage_CN.htm
    .html .js polyglot
  • Plugin/ViewPage/ViewPage_EN.htm
    .html .js polyglot
  • Plugin/ViewPage/What's new.txt
  • Plugin/ViewPage/images/blank.gif
    .gif
  • Plugin/ViewPage/images/down.gif
    .gif
  • Plugin/ViewPage/images/index.gif
    .gif
  • Plugin/ViewPage/images/tip.gif
    .gif
  • Plugin/ViewPage/images/up.gif
    .gif
  • Plugin/ViewPage/images/view.gif
    .gif
  • Plugin/ViewPage/images/warn.gif
    .gif
  • Plugin/ViewPage/plugin.ini
  • Plugin/ViewPage/plugin0001.ini
  • Plugin/ViewPage/readme.txt
  • Plugin/ViewPage/script_cn.htm
    .html .js polyglot
  • Plugin/ViewPage/script_en.htm
    .html .js polyglot
  • Plugin/ViewPage/v.ico
  • Plugin/Weather/config.htm
    .html .js polyglot
  • Plugin/Weather/images/collapse.gif
    .gif
  • Plugin/Weather/images/config.gif
    .gif
  • Plugin/Weather/images/expand.gif
    .gif
  • Plugin/Weather/images/sun.gif
    .gif
  • Plugin/Weather/images/sync.gif
    .gif
  • Plugin/Weather/images/weather.gif
    .gif
  • Plugin/Weather/images/weather_title.jpg
    .jpg
  • Plugin/Weather/language/lan_cn.xml
    .xml
  • Plugin/Weather/language/lan_en.xml
    .xml
  • Plugin/Weather/plugin.ini
  • Plugin/Weather/readme.txt
  • Plugin/Weather/script/config.js
    .js
  • Plugin/Weather/script/weather.css
  • Plugin/Weather/script/weather.js
    .js
  • Plugin/Weather/script/weather2.js
    .js
  • Plugin/Weather/weather.htm
    .html .js polyglot
  • Plugin/Weather/weather.ico
  • Plugin/Weather/weather2.htm
    .html .js polyglot
  • Plugin/Zhuaxia Sidebar/DefaultSettings.ini
  • Plugin/Zhuaxia Sidebar/Settings.ini
  • Plugin/Zhuaxia Sidebar/images/down.gif
    .gif
  • Plugin/Zhuaxia Sidebar/images/nochange.gif
    .gif
  • Plugin/Zhuaxia Sidebar/images/up.gif
    .gif
  • Plugin/Zhuaxia Sidebar/max.src
    .js
  • Plugin/Zhuaxia Sidebar/plugin.ini
  • Plugin/Zhuaxia Sidebar/zhuaxia.html
    .html
  • Plugin/Zhuaxia Sidebar/zhuaxia.ico
  • Plugin/maxvideo/cold.ico
  • Plugin/maxvideo/hot.ico
  • Plugin/maxvideo/maxvideo.htm
    .html
  • Plugin/maxvideo/plugin.ini
  • Services/realtime/Settings.ini
  • Services/realtime/real_time.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    835a4abc25b026afe354051dbed60008

  • Skin/ChaNinja Style - SubZero/bg.bmp
  • Skin/ChaNinja Style - SubZero/button_a.bmp
  • Skin/ChaNinja Style - SubZero/button_i.bmp
  • Skin/ChaNinja Style - SubZero/checked.ico
  • Skin/ChaNinja Style - SubZero/coldtool.bmp
  • Skin/ChaNinja Style - SubZero/coldtool_s.bmp
  • Skin/ChaNinja Style - SubZero/fav_folders.bmp
  • Skin/ChaNinja Style - SubZero/go.bmp
  • Skin/ChaNinja Style - SubZero/hottool.bmp
  • Skin/ChaNinja Style - SubZero/hottool1.bmp
  • Skin/ChaNinja Style - SubZero/hottool_s.bmp
  • Skin/ChaNinja Style - SubZero/iconani.bmp
  • Skin/ChaNinja Style - SubZero/preview.gif
    .gif
  • Skin/ChaNinja Style - SubZero/progress.bmp
  • Skin/ChaNinja Style - SubZero/skin.ini
  • Skin/ChaNinja Style - SubZero/status.bmp
  • Skin/ChaNinja Style - SubZero/sysmenu.bmp
  • Skin/ChaNinja Style - SubZero/tab.bmp
  • Skin/ChaNinja Style - SubZero/unchecked.ico
  • Skin/Default/bg.bmp
  • Skin/Default/icons.bmp
  • Skin/Default/skin.ini
  • Skin/Default/skin1.ini
  • Skin/MSN_EXP/bg.bmp
  • Skin/MSN_EXP/coldtool.bmp
  • Skin/MSN_EXP/coldtool_s.bmp
  • Skin/MSN_EXP/go.bmp
  • Skin/MSN_EXP/hottool.bmp
  • Skin/MSN_EXP/hottool1.bmp
  • Skin/MSN_EXP/hottool_s.bmp
  • Skin/MSN_EXP/iconani.bmp
  • Skin/MSN_EXP/link.bmp
  • Skin/MSN_EXP/preview.gif
    .gif
  • Skin/MSN_EXP/progress.bmp
  • Skin/MSN_EXP/sb_bg.BMP
  • Skin/MSN_EXP/sidebar_s.bmp
  • Skin/MSN_EXP/sidebar_u.bmp
  • Skin/MSN_EXP/skin.ini
  • Skin/MSN_EXP/status.bmp
  • Skin/MSN_EXP/sysmenu.bmp
  • Skin/MSN_EXP/tab.bmp
  • Skin/Safari/Bg.BMP
  • Skin/Safari/Bg_sp.BMP
  • Skin/Safari/Bg_st.BMP
  • Skin/Safari/coldtool.bmp
  • Skin/Safari/coldtool_s.bmp
  • Skin/Safari/fav_folder.bmp
  • Skin/Safari/go.bmp
  • Skin/Safari/hottool.bmp
  • Skin/Safari/hottool_s.bmp
  • Skin/Safari/icon.bmp
  • Skin/Safari/preview.gif
    .gif
  • Skin/Safari/s_i.ico
  • Skin/Safari/sidebar_s.bmp
  • Skin/Safari/sidebar_u.bmp
  • Skin/Safari/skin.ini
  • Skin/Safari/status.bmp
  • Skin/Safari/sysmenu.bmp
  • Skin/Safari/tab.bmp
  • Skin/Safari/u_i.ico
  • Skin/tang/IconAni.bmp
  • Skin/tang/Readme.txt
  • Skin/tang/Status.bmp
  • Skin/tang/check.ico
  • Skin/tang/cooltool.bmp
  • Skin/tang/cooltool_s.bmp
  • Skin/tang/go.bmp
  • Skin/tang/hottool.bmp
  • Skin/tang/hottool1.bmp
  • Skin/tang/hottool1_s.bmp
  • Skin/tang/hottool_s.bmp
  • Skin/tang/link.bmp
  • Skin/tang/main_bg.bmp
  • Skin/tang/preview.gif
    .gif
  • Skin/tang/progress.bmp
  • Skin/tang/progress1.bmp
  • Skin/tang/progress2.bmp
  • Skin/tang/progress3.bmp
  • Skin/tang/side_bg.bmp
  • Skin/tang/sidebar_s.bmp
  • Skin/tang/sidebar_u.bmp
  • Skin/tang/skin.ini
  • Skin/tang/skin1.ini
  • Skin/tang/skin2.ini
  • Skin/tang/skin3.ini
  • Skin/tang/sysmenu.bmp
  • Skin/tang/tab.bmp
  • Skin/tang/tab_bg.bmp
  • maxthon.exe
    .exe windows:4 windows x86 arch:x86

    6db0b68065f627a02506ff61055bdf38

  • maxthon.exe.manifest
    .xml
  • maxzlib.dll
    .dll windows:4 windows x86 arch:x86

    bce90da5cd731751eca82d6e48766455

  • mstyle.css
  • sp2enable.reg
  • sp2removal.reg
  • what's new.txt
  • 安装说明.url
    .url