General

  • Target

    5ba72e4791f577c14f9c6b23c4d95211_JaffaCakes118

  • Size

    13.4MB

  • MD5

    5ba72e4791f577c14f9c6b23c4d95211

  • SHA1

    74f21fed0ad24e066c9f0c22a7ccd1b088ce310e

  • SHA256

    6d7eea7ff9ae3211f559d7d39fe9a8349078ef289b66e6c582c68708b7c60fea

  • SHA512

    59e38f7683571edc791431327da44d76adf11e7beaa5fe070e1ce144b06fe195cd6867fe4e5c9a5860c0500784feff3675e989b47cadef4aee6f887ea4bdd9cd

  • SSDEEP

    393216:hDa5brFmW+lwJTcBqR+5k0T+fTIDfCV6X5IEiOoz:hWDmW+OJcqw1+bYS652

Score
7/10

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • HTTP links in PDF interactive object 3 IoCs

    Detects HTTP links in interactive objects within PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE 13 IoCs

    Checks for missing Authenticode signature.

Files

  • 5ba72e4791f577c14f9c6b23c4d95211_JaffaCakes118
    .exe windows:5 windows x86 arch:x86

    32f3282581436269b3a75b6675fe3e08

  • $PLUGINSDIR/AccessControl.dll
    .dll windows:4 windows x86 arch:x86

    50c8f5ff7efcfab29d0d699e5f7a53fe

  • $PLUGINSDIR/ExecDos.dll
    .dll windows:6 windows x86 arch:x86

    71278b7fde115bdf8fb2128ebedb6e98

  • $PLUGINSDIR/NsProcess.dll
    .dll windows:5 windows x86 arch:x86

    a6436cd6a2fc19d0d4c22889955ab14e

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748

  • $PLUGINSDIR/nsExec.dll
    .dll windows:5 windows x86 arch:x86

    8700d0ebbb41c81ea52718af1ab70a93

  • $PLUGINSDIR/uisetup_usertool.dll
    .dll windows:5 windows x86 arch:x86

    a7066a3b651a43cc05309a083a963536

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/InstWiz3.exe
    .exe windows:5 windows x86 arch:x86

    dd8c8af28026d04d8419ff08a59b0b6f

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/checkdriver.dll
    .dll windows:5 windows x86 arch:x86

    a76559057104796489689cb2c8098cd4

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/e5Setup.dll
    .dll windows:5 windows x86 arch:x86

    f78d846b8320216d2fd485165dee75b3

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/e5Setup.lib
  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/e5drv.h
  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/language.dll
    .dll windows:5 windows x86 arch:x86

    d0b0ab81bf0e4cd20070f6525db9fd67

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/elite5.cat
  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/elite5.inf
  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/i386/elite5.sys
    .sys windows:6 windows x86 arch:x86

    9b3488796654543627f38fef7a588c82

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/x64/elite5.sys
    .sys windows:6 windows x64 arch:x64

    8f56f94b7d9a53074747a8b358a0f2d9

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/elite5.cat
  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/elite5.inf
  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/i386/elite5.sys
    .sys windows:6 windows x86 arch:x86

    bc54b519e529e9968ef0570f70a7c3a5

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/x64/elite5.sys
    .sys windows:6 windows x64 arch:x64

    6950e7deeafce1840dffb99ddc9bf675

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winlh64/DIFxAPI.dll
    .dll windows:6 windows x64 arch:x64

    fa7bbfc375651121b7223cafa40dc7b8

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winlh64/setup.exe
    .exe windows:5 windows x64 arch:x64

    129139d77149690068c633f005185808

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winlh86/DIFxAPI.dll
    .dll windows:6 windows x86 arch:x86

    bced6390751f7df672767c6c60fd16dc

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winlh86/setup.exe
    .exe windows:5 windows x86 arch:x86

    2a511ecd4d969ed1dd9a06f4ea6d17f4

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winxp64/DIFxAPI.dll
    .dll windows:6 windows x64 arch:x64

    fa7bbfc375651121b7223cafa40dc7b8

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winxp64/setup.exe
    .exe windows:5 windows x64 arch:x64

    bcdd08a3e628705d9df33fd03eebf733

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winxp86/DIFxAPI.dll
    .dll windows:6 windows x86 arch:x86

    bced6390751f7df672767c6c60fd16dc

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winxp86/setup.exe
    .exe windows:5 windows x86 arch:x86

    03a6ee3504772241f482ea29603ca229

  • $TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/深思数盾精锐5产品驱动安装程序使用说明.pdf
    .pdf
    • http://www.sense.com.cn/

  • $TEMP/DriversTmp/user/Drivers/InstWiz3.exe
    .exe windows:5 windows x86 arch:x86

    dd8c8af28026d04d8419ff08a59b0b6f

  • $TEMP/DriversTmp/user/Drivers/checkdriver.dll
    .dll windows:5 windows x86 arch:x86

    a76559057104796489689cb2c8098cd4

  • $TEMP/DriversTmp/user/Drivers/e5Setup.dll
    .dll windows:5 windows x86 arch:x86

    f78d846b8320216d2fd485165dee75b3

  • $TEMP/DriversTmp/user/Drivers/e5Setup.lib
  • $TEMP/DriversTmp/user/Drivers/e5drv.h
  • $TEMP/DriversTmp/user/Drivers/language.dll
    .dll windows:5 windows x86 arch:x86

    d0b0ab81bf0e4cd20070f6525db9fd67

  • $TEMP/DriversTmp/user/Drivers/obj/winlh/elite5.cat
  • $TEMP/DriversTmp/user/Drivers/obj/winlh/elite5.inf
  • $TEMP/DriversTmp/user/Drivers/obj/winlh/i386/elite5.sys
    .sys windows:6 windows x86 arch:x86

    9b3488796654543627f38fef7a588c82

  • $TEMP/DriversTmp/user/Drivers/obj/winlh/x64/elite5.sys
    .sys windows:6 windows x64 arch:x64

    8f56f94b7d9a53074747a8b358a0f2d9

  • $TEMP/DriversTmp/user/Drivers/obj/winxp&2k/elite5.cat
  • $TEMP/DriversTmp/user/Drivers/obj/winxp&2k/elite5.inf
  • $TEMP/DriversTmp/user/Drivers/obj/winxp&2k/i386/elite5.sys
    .sys windows:6 windows x86 arch:x86

    bc54b519e529e9968ef0570f70a7c3a5

  • $TEMP/DriversTmp/user/Drivers/obj/winxp&2k/x64/elite5.sys
    .sys windows:6 windows x64 arch:x64

    6950e7deeafce1840dffb99ddc9bf675

  • $TEMP/DriversTmp/user/Drivers/winlh64/DIFxAPI.dll
    .dll windows:6 windows x64 arch:x64

    fa7bbfc375651121b7223cafa40dc7b8

  • $TEMP/DriversTmp/user/Drivers/winlh64/setup.exe
    .exe windows:5 windows x64 arch:x64

    129139d77149690068c633f005185808

  • $TEMP/DriversTmp/user/Drivers/winlh86/DIFxAPI.dll
    .dll windows:6 windows x86 arch:x86

    bced6390751f7df672767c6c60fd16dc

  • $TEMP/DriversTmp/user/Drivers/winlh86/setup.exe
    .exe windows:5 windows x86 arch:x86

    2a511ecd4d969ed1dd9a06f4ea6d17f4

  • $TEMP/DriversTmp/user/Drivers/winxp64/DIFxAPI.dll
    .dll windows:6 windows x64 arch:x64

    fa7bbfc375651121b7223cafa40dc7b8

  • $TEMP/DriversTmp/user/Drivers/winxp64/setup.exe
    .exe windows:5 windows x64 arch:x64

    bcdd08a3e628705d9df33fd03eebf733

  • $TEMP/DriversTmp/user/Drivers/winxp86/DIFxAPI.dll
    .dll windows:6 windows x86 arch:x86

    bced6390751f7df672767c6c60fd16dc

  • $TEMP/DriversTmp/user/Drivers/winxp86/setup.exe
    .exe windows:5 windows x86 arch:x86

    03a6ee3504772241f482ea29603ca229

  • $TEMP/DriversTmp/user/Drivers/深思数盾精锐5产品驱动安装程序使用说明.pdf
    .pdf
    • http://www.sense.com.cn/

  • Drivers/InstWiz3.exe
    .exe windows:5 windows x86 arch:x86

    dd8c8af28026d04d8419ff08a59b0b6f

  • Drivers/checkdriver.dll
    .dll windows:5 windows x86 arch:x86

    a76559057104796489689cb2c8098cd4

  • Drivers/e5Setup.dll
    .dll windows:5 windows x86 arch:x86

    f78d846b8320216d2fd485165dee75b3

  • Drivers/e5Setup.lib
  • Drivers/e5drv.h
  • Drivers/language.dll
    .dll windows:5 windows x86 arch:x86

    d0b0ab81bf0e4cd20070f6525db9fd67

  • Drivers/obj/winlh/elite5.cat
  • Drivers/obj/winlh/elite5.inf
  • Drivers/obj/winlh/i386/elite5.sys
    .sys windows:6 windows x86 arch:x86

    9b3488796654543627f38fef7a588c82

  • Drivers/obj/winlh/x64/elite5.sys
    .sys windows:6 windows x64 arch:x64

    8f56f94b7d9a53074747a8b358a0f2d9

  • Drivers/obj/winxp&2k/elite5.cat
  • Drivers/obj/winxp&2k/elite5.inf
  • Drivers/obj/winxp&2k/i386/elite5.sys
    .sys windows:6 windows x86 arch:x86

    bc54b519e529e9968ef0570f70a7c3a5

  • Drivers/obj/winxp&2k/x64/elite5.sys
    .sys windows:6 windows x64 arch:x64

    6950e7deeafce1840dffb99ddc9bf675

  • Drivers/winlh64/DIFxAPI.dll
    .dll windows:6 windows x64 arch:x64

    fa7bbfc375651121b7223cafa40dc7b8

  • Drivers/winlh64/setup.exe
    .exe windows:5 windows x64 arch:x64

    129139d77149690068c633f005185808

  • Drivers/winlh86/DIFxAPI.dll
    .dll windows:6 windows x86 arch:x86

    bced6390751f7df672767c6c60fd16dc

  • Drivers/winlh86/setup.exe
    .exe windows:5 windows x86 arch:x86

    2a511ecd4d969ed1dd9a06f4ea6d17f4

  • Drivers/winxp64/DIFxAPI.dll
    .dll windows:6 windows x64 arch:x64

    fa7bbfc375651121b7223cafa40dc7b8

  • Drivers/winxp64/setup.exe
    .exe windows:5 windows x64 arch:x64

    bcdd08a3e628705d9df33fd03eebf733

  • Drivers/winxp86/DIFxAPI.dll
    .dll windows:6 windows x86 arch:x86

    bced6390751f7df672767c6c60fd16dc

  • Drivers/winxp86/setup.exe
    .exe windows:5 windows x86 arch:x86

    03a6ee3504772241f482ea29603ca229

  • Drivers/深思数盾精锐5产品驱动安装程序使用说明.pdf
    .pdf
    • http://www.sense.com.cn/

  • Tools/authconfig.xml
    .xml
  • Tools/config.ini
  • Tools/gdiplus.dll
    .dll windows:5 windows x86 arch:x86

    7d265bc0350ed04fb2dffec878eb283e

  • Tools/read me.txt
  • Tools/repair_api_dll.dll
    .dll windows:5 windows x86 arch:x86

    6b673a51143d0ff46bda555e8698cf02

  • Tools/selfhelpdoc.chm
    .chm
  • Tools/ssclient.exe
    .exe windows:5 windows x86 arch:x86

    1dc3e118b1006a9f628c647cdfdc31ec

  • changelog.txt
  • developer/0400000000000000/entry.d2c
  • service/db.dat
  • service/lib_net_agent_shared.dll
    .dll windows:5 windows x86 arch:x86

    21cc9229d5c958ce1f31aa7e6a4725a3

  • service/restart_ssservice.bat
  • service/schtask_add_restart_ssservice.bat
    .bat .vbs
  • service/schtask_delete_restart_ssservice.bat
  • service/senseshield.exe
    .exe windows:5 windows x86 arch:x86

    7a4ebfd00703b63c1aa871c5848ca76c

  • service/slock.sys
    .sys windows:10 windows x86 arch:x86

    e36f1ca5df8665d0f28f2e57a9bd9ce2

  • service/slock64.sys
    .sys windows:10 windows x64 arch:x64

    2887bd1579d5915f931c20958052599e

  • service/sprotect.sys
    .sys windows:6 windows x86 arch:x86

    ab54b7457d80d391caf3819a96bc6e8c

  • service/sprotect64.sys
    .sys windows:6 windows x64 arch:x64

    870912d2930afce24b79729a7e670d93

  • service/ss_config.xml
    .xml
  • service/ss_config_merge.exe
    .exe windows:5 windows x86 arch:x86

    8733b3a1948e12bc26c5ed20c3d95458

  • service/sssync.exe
    .exe windows:5 windows x86 arch:x86

    3c9e555a43ccd748e6cac83ac85dc472

  • service/sssynccfg.ini
  • uninstall.exe.nsis
  • vista_x64.reg
  • xp_vista.reg