078026d02f07f31db039843f83418f64_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

078026d02f07f31db039843f83418f64_JaffaCakes118
Size

151KB
MD5

078026d02f07f31db039843f83418f64
SHA1

d06ae08d621f4b1d556bd85a9740fee6dc9335e2
SHA256

17b4cc45d1adada88323d2102041dd96fae02e8a1e8f79cd28b59532ab46f175
SHA512

ae11454df2ab2beb0bf80a76c28a9ed23253473dbdd54ce6f1cae9ce5141bcc9a5849150158d7258cc0bc4c55062260e709ee13f96ac38c4d5d6ed29f38fc1c0
SSDEEP

3072:plm5cwFUXG+51v7vuigEga2w03Pqu+ygEw9plSQJOkFME:pl4NrG1v7v0Ekqu+ygEsPykT

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Lingvo10ML_BusyJaZZ/Lingvo10.exe
unpack001/vfd/vfd.exe
unpack001/vfd/vfd.sys
unpack001/vfd/vfdwin.exe

Files

078026d02f07f31db039843f83418f64_JaffaCakes118
.rar
Lingvo10ML_BusyJaZZ/#Info.txt
Lingvo10ML_BusyJaZZ/Lingvo10.exe
.exe windows:4 windows x86 arch:x86

10e927135483a06b432dec163e03ea9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

strlen
atol
??2@YAPAXI@Z
_chdrive
_getdrive
strchr
strstr
_chdir
_getcwd
memmove
memcmp
atoi
memcpy
rand
srand
time
_strcmpi
strncmp
strcat
_mkdir
malloc
free
_exit
_XcptFilter
exit
_acmdln_dll
_initterm
__GetMainArgs
_commode_dll
_fmode_dll
_global_unwind2
_local_unwind2
??3@YAXPAX@Z
_purecall
strcmp
memset

mpr

WNetGetUserA
WNetConnectionDialog

kernel32

FindResourceA
LoadLibraryExA
LoadLibraryA
FreeLibrary
lstrcatA
GetModuleFileNameA
_lread
_llseek
lstrcmpiA
GetTempPathA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
FindClose
FindNextFileA
FindFirstFileA
GlobalReAlloc
SetFileTime
SystemTimeToFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
LoadResource
IsDBCSLeadByte
MultiByteToWideChar
OutputDebugStringA
WideCharToMultiByte
GetVersion
FormatMessageA
SetErrorMode
DeviceIoControl
GetLastError
GetDiskFreeSpaceA
GetProcAddress
GetTickCount
GetModuleHandleA
GetWindowsDirectoryA
GetOverlappedResult
CreateEventA
GlobalFree
GetStartupInfoA
LockResource
FreeResource
lstrlenA
lstrcpyA
OpenFile
_lwrite
_lclose
DeleteFileA
CreateFileA
GlobalAlloc
GlobalLock
GetFullPathNameA
SetFilePointer
ReadFile
WriteFile
CloseHandle
GlobalHandle
lstrcpynA
GlobalUnlock

user32

GetSysColor
SetRect
GetDC
CharLowerA
GetScrollRange
InvalidateRect
DrawFocusRect
ShowWindow
SendDlgItemMessageA
EnableMenuItem
GetSystemMenu
SetWindowPos
GetSystemMetrics
IsIconic
SetFocus
MessageBeep
DestroyWindow
CharUpperA
OemToCharA
CharNextA
CharToOemA
CharPrevA
GetWindowRect
SetWindowLongA
GetWindowLongA
CreateDialogParamW
CreateDialogParamA
DialogBoxParamW
LoadStringW
LoadStringA
FillRect
GetClientRect
EndPaint
BeginPaint
DefWindowProcA
RegisterClassA
DispatchMessageA
TranslateMessage
PeekMessageA
DestroyIcon
CreateIconIndirect
GetIconInfo
KillTimer
SetTimer
CreateWindowExA
IsDlgButtonChecked
GetDlgItemInt
GetWindowTextA
PostMessageA
SetDlgItemInt
CheckDlgButton
GetDlgItem
EnableWindow
LoadCursorA
SetCursor
SendMessageA
GetParent
GetDlgItemTextA
wsprintfA
DialogBoxParamA
EndDialog
SetDlgItemTextA
SetWindowTextA
LoadBitmapA
ReleaseDC
DrawTextA
GetDesktopWindow
MessageBoxA

gdi32

DeleteObject
SetBkColor
CreateSolidBrush
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
ExtTextOutA
SetTextColor
GetTextMetricsA
GetBkColor
BitBlt
SetBkMode
GetStockObject
DeleteDC

comdlg32

GetSaveFileNameA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ling10me_flp.IMA
readme.txt
vfd/COPYING.TXT
vfd/README.TXT
vfd/vfd.exe
.exe windows:4 windows x86 arch:x86

782bbe1d30b6c0ef5d89a3b241b9a5f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceStatus
CreateServiceA
OpenSCManagerA
DeleteService
OpenServiceA
CloseServiceHandle
StartServiceA
ControlService
QueryServiceConfigA

user32

RegisterWindowMessageA
LoadStringA
SetCursor
LoadCursorA
SendNotifyMessageA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

HeapFree
GetStringTypeA
LCMapStringA
GetACP
LCMapStringW
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
Sleep
GetEnvironmentVariableA
GetModuleFileNameA
GetLastError
GetFullPathNameA
CloseHandle
DeviceIoControl
CreateFileA
SetErrorMode
DefineDosDeviceA
QueryDosDeviceA
GetLogicalDrives
GetDriveTypeA
GetFileAttributesExA
FormatMessageA
GetCommandLineA
GetVersion
ExitProcess
FlushFileBuffers
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
SetFilePointer
GetCPInfo
FreeEnvironmentStringsA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
TerminateProcess
GetCurrentProcess
GetVersionExA
WriteFile
UnhandledExceptionFilter
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
HeapReAlloc
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vfd/vfd.sys
.sys windows:5 windows x86 arch:x86

c88d18d3b580d736b04c0ea35f064f0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeGetCurrentThread
KeSetEvent
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ExFreePool
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
IofCompleteRequest
ExfInterlockedInsertTailList
SeCreateClientSecurity
IoDeleteSymbolicLink
ExAllocatePoolWithTag
ZwReadFile
ZwWriteFile
PsRevertToSelf
SeImpersonateClient
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
ZwSetInformationFile
ZwQueryInformationFile
RtlFreeUnicodeString
ZwCreateFile
RtlAnsiStringToUnicodeString
PsGetVersion
MmMapLockedPages
MmMapLockedPagesSpecifyCache

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 800B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 288B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vfd/vfdwin.exe
.exe windows:4 windows x86 arch:x86

5d6c4fee9b1862c44cef3f41f09001b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_LoadImageA

user32

PostQuitMessage
GetWindowRect
GetDlgItem
CreateDialogParamA
SetDlgItemTextA
LoadStringA
RedrawWindow
GetSystemMetrics
SendMessageA
GetClientRect
SendNotifyMessageA
LoadCursorA
SetCursor
IsWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetForegroundWindow
PostMessageA
LoadImageA
GetSystemMenu
DeleteMenu
GetWindowTextLengthA
CheckRadioButton
SetWindowPos
GetWindowTextA
RegisterWindowMessageA
DestroyWindow
MessageBoxA
SendDlgItemMessageA
IsDlgButtonChecked
GetParent
CheckDlgButton
DialogBoxParamA
SetFocus
EndDialog
GetDlgItemTextA
EnableWindow
SetWindowTextA
GetCursorPos
ScreenToClient
ShowWindow

advapi32

QueryServiceConfigA
RegCreateKeyExA
StartServiceA
QueryServiceStatus
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegEnumValueA
ControlService
RegQueryInfoKeyA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

comdlg32

GetOpenFileNameA

shell32

ShellExecuteA
SHGetMalloc
SHChangeNotify
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

GetStringTypeW
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
GetStringTypeA
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
GetVersionExA
FormatMessageA
GetStartupInfoA
GetModuleHandleA
GetCurrentProcess
TerminateProcess
ExitProcess
HeapAlloc
HeapFree
GetFileAttributesExA
GetDriveTypeA
FindFirstFileA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
FlushFileBuffers
GetVersion
WideCharToMultiByte
GetCommandLineA
DefineDosDeviceA
SetErrorMode
QueryDosDeviceA
CloseHandle
DeleteFileA
FindNextFileA
GetFullPathNameA
FindClose
CreateFileA
DeviceIoControl
GetEnvironmentVariableA
Sleep
CreateMutexA
GetLogicalDrives
MultiByteToWideChar
GetLastError
SetLastError
GetModuleFileNameA
GetFileAttributesA

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10e927135483a06b432dec163e03ea9d

Headers

File Characteristics

Imports

crtdll

mpr

kernel32

user32

gdi32

comdlg32

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 13KB - Virtual size: 15KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 6KB - Virtual size: 5KB

782bbe1d30b6c0ef5d89a3b241b9a5f2

Headers

File Characteristics

Imports

advapi32

user32

version

kernel32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 28KB - Virtual size: 25KB

c88d18d3b580d736b04c0ea35f064f0d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 160B - Virtual size: 144B

.data Size: 96B - Virtual size: 84B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 800B - Virtual size: 776B

.reloc Size: 288B - Virtual size: 262B

5d6c4fee9b1862c44cef3f41f09001b5

Headers

File Characteristics

Imports

comctl32

user32

advapi32

comdlg32

shell32

ole32

version

kernel32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 13KB - Virtual size: 15KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 28KB - Virtual size: 25KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 160B - Virtual size: 144B

.data
Size: 96B - Virtual size: 84B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 800B - Virtual size: 776B

.reloc
Size: 288B - Virtual size: 262B

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 32KB - Virtual size: 30KB