General

  • Target

    13e83f2b3a8192b053eb755f4b55c44d_JaffaCakes118

  • Size

    22.6MB

  • MD5

    13e83f2b3a8192b053eb755f4b55c44d

  • SHA1

    5b814a8117e91743724e1c5312323dddf32cb865

  • SHA256

    4f7b5759164c2a0934e41752e8ab4b920b6b2cc6ab09bbbc7d7b516f73821a3f

  • SHA512

    1ad364f951a784829f7d3efa3b3c3e0f98a5311e7660f5c2342e88cc492d32e0867e91a878b161068f76b29f2f6bb95c53d29d7203b366fa2646735fd3d8b7cb

  • SSDEEP

    393216:jDg5NXPR1jObc8PcWejThf8xHUvLUF1vaC7Jal04t3tNsmuw6HDvJYiR5LPWa3JX:XkXTcBPYf92UvdC7Jolt3IFDmM9Wal

Malware Config

Signatures

  • Privateloader family
  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • 13e83f2b3a8192b053eb755f4b55c44d_JaffaCakes118
    .exe windows:5 windows x86 arch:x86
    be41bf7b8cc010b614bd36bbca606973 · Code Sign · Headers · Imports · Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:5 windows x86 arch:x86
    e981c0ab92cb1f191bb5e23392e14796 · Headers · Imports · Exports · Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86
    039bcbc605477e8e87ec550c2e60e748 · Headers · Imports · Exports · Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:5 windows x86 arch:x86
    45d25ca52c312b2254c60dbcb30342d1 · Headers · Imports · Exports · Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:5 windows x86 arch:x86
    9ea5bdc8c90dfcffe309465c26c89758 · Headers · Imports · Exports · Sections

  • Action.exe
    .exe windows:5 windows x86 arch:x86
    d9d400f820341a99d139b8047cb5bd48 · Code Sign · Headers · Imports · Sections

  • Action.vbs
    .vbs
  • ActionPlayer.exe
    .exe windows:5 windows x86 arch:x86
    18953ddb65fdae3fa5faa933d0c1c605 · Code Sign · Headers · Imports · Sections

  • Action_x64.bin
    .exe windows:5 windows x64 arch:x64
    cbb382323b012f9cc4328eb5a3a04a48 · Code Sign · Headers · Imports · Sections

  • Action_x86.bin
    .exe windows:5 windows x86 arch:x86
    b91a5633838ff7aca347f4535f74321f · Code Sign · Headers · Imports · Sections

  • D3DX9_40.dll
    .dll windows:6 windows x86 arch:x86
    e22d801543b0946d1782f9cb30c03d6c · Code Sign · Headers · Imports · Exports · Sections

  • EULA_Action!.rtf
    .rtf
  • Uninstall.exe.nsis
  • action_launcher_x64.exe
    .exe windows:5 windows x64 arch:x64
    104fd260f906251907501b356b4d8abf · Code Sign · Headers · Imports · Sections

  • action_launcher_x86.exe
    .exe windows:5 windows x86 arch:x86
    1a42ca0ae91e4b0e95b768e9230ab41d · Code Sign · Headers · Imports · Sections

  • action_logon.exe
    .exe windows:5 windows x86 arch:x86
    962b0839866d86d1357767a9a104c693 · Code Sign · Headers · Imports · Sections

  • action_svc.exe
    .exe windows:5 windows x86 arch:x86
    17b8662ab80cb166ced3436b0e15d450 · Code Sign · Headers · Imports · Sections

  • action_x64.dll
    .dll windows:5 windows x64 arch:x64
    81159be5fd0e35817f83657cfa87817e · Code Sign · Headers · Imports · Exports · Sections

  • action_x86.dll
    .dll windows:5 windows x86 arch:x86
    2571de499ef89554f067f676d2412f12 · Code Sign · Headers · Imports · Exports · Sections

  • aenc.dll
    .dll windows:5 windows x86 arch:x86
    56923c296efbe4b0ac85629920f39838 · Code Sign · Headers · Imports · Exports · Sections

  • aenc2.dll
    .dll windows:5 windows x86 arch:x86
    56923c296efbe4b0ac85629920f39838 · Code Sign · Headers · Imports · Exports · Sections

  • amf-component-vce-windesktop32.dll
    .dll windows:5 windows x86 arch:x86
    e9c51331dcc7bf5953bf4c147a84ddfe · Code Sign · Headers · Imports · Exports · Sections

  • amf-core-windesktop32.dll
    .dll windows:5 windows x86 arch:x86
    643a60eb62917b6b37bbd846f6dbd4fe · Code Sign · Headers · Imports · Exports · Sections

  • amfenc.dll
    .dll windows:5 windows x86 arch:x86
    947ae3ca56d3420838f5af6bc3c196e7 · Code Sign · Headers · Imports · Exports · Sections

  • apu2enc.dll
    .dll windows:5 windows x86 arch:x86
    1d6b855c06e083ef8cd357e7c0245ca3 · Code Sign · Headers · Imports · Exports · Sections

  • booter.exe
    .exe windows:4 windows x86 arch:x86
    d151a82eec0c8f242f924cb2ea95baff · Code Sign · Headers · Imports · Sections

  • ficvdec_x64.dll
    .dll windows:5 windows x64 arch:x64
    9c3976930272066c6dfe8ffd7ee211f0 · Headers · Imports · Exports · Sections

  • ficvdec_x64.reg
  • ficvdec_x86.dll
    .dll windows:5 windows x86 arch:x86
    08cf423e5a789a48293bb591b9849fb6 · Headers · Imports · Exports · Sections

  • ficvdec_x86.reg
  • libmfxsw32.dll
    .dll windows:6 windows x86 arch:x86
    a73aced5b1a0d5734c83161161ab00be · Code Sign · Headers · Imports · Exports · Sections

  • msvcp100.dll
    .dll windows:5 windows x86 arch:x86
    7a0d9f66efd1839f136ca6896fa52dfa · Code Sign · Headers · Imports · Exports · Sections

  • msvcr100.dll
    .dll windows:5 windows x86 arch:x86
    5271d5ce8b44dd47bc92563e27585466 · Code Sign · Headers · Imports · Exports · Sections

  • muxer.dll
    .dll windows:5 windows x86 arch:x86
    27934c0730f46463b04c51b551546a0c · Code Sign · Headers · Imports · Exports · Sections

  • nvEncodeAPI.dll
    .dll windows:6 windows x86 arch:x86
    bd9242d455fa9ef8af534664bc4aa864 · Code Sign · Headers · Imports · Exports · Sections

  • player_theme.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • preinstall.exe
    .exe windows:5 windows x86 arch:x86
    4dc93fc64589f2f15ed0d6174a2ddf77 · Code Sign · Headers · Imports · Sections

  • rcu.dll
    .dll windows:5 windows x86 arch:x86
    cf95ee1df4f2c1935f2d02d6388b7643 · Code Sign · Headers · Imports · Exports · Sections

  • register_ficv_codec.bat
  • res0407.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0407_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0409.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0409_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res040a.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res040a_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res040c.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res040c_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0410.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0410_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0411.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0411_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0413.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0413_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0415.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0415_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0416.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0416_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0418.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0418_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0419.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0419_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res042a.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res042a_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0816.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • res0816_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • resa936.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • resa936_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • resb936.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • resb936_ex.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • tldr.dll
    .dll windows:5 windows x86 arch:x86
    be4cb2726e8dae71bab93e5225513825 · Code Sign · Headers · Imports · Exports · Sections

  • tscap.bin
    .exe windows:5 windows x86 arch:x86
    0fffa9d87717181050467a4fdb172d7b · Code Sign · Headers · Imports · Sections

  • tutorial/1.html
    .html
  • tutorial/10.html
    .html
  • tutorial/11.html
    .html
  • tutorial/12.html
    .html
  • tutorial/13.html
    .html
  • tutorial/14.html
    .html .js polyglot
  • tutorial/2.html
    .html
  • tutorial/3.html
    .html
  • tutorial/4.html
    .html
  • tutorial/5.html
    .html
  • tutorial/6.html
    .html
  • tutorial/7.html
    .html
  • tutorial/8.html
    .html
  • tutorial/9.html
    .html
  • tutorial_launcher.exe
    .exe windows:5 windows x86 arch:x86
    3c4c3644a823d9247fe1af4a664ce192 · Code Sign · Headers · Imports · Sections

  • ui_res.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • ui_res_150.dll
    .dll windows:5 windows x86 arch:x86
    d056332cf3b8d6b9c5dfda1fdbccf8ca · Code Sign · Headers · Imports · Sections

  • upload_login.exe
    .exe windows:5 windows x86 arch:x86
    86956c0c3f1efc5fc417bf80f20ffec4 · Code Sign · Headers · Imports · Sections

  • vcap.dll
    .dll windows:5 windows x86 arch:x86
    04d7c93f7c4b2b6e669d488edd7253e1 · Code Sign · Headers · Imports · Exports · Sections