2df81dab5b3ad2fe747f36312cbcc4b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2df81dab5b3ad2fe747f36312cbcc4b5_JaffaCakes118
Size

347KB
MD5

2df81dab5b3ad2fe747f36312cbcc4b5
SHA1

b6270303bb3d1cb98f1ed90680bf61867a2a0720
SHA256

9226b29977c2db4a8c749e58b104eaf6a641e56f485b592cd57618f649e7efb1
SHA512

70c00b68923b9d85a5bc745d300e78a4ba6f7f5e282ef6e823e028281516edab26aecdae270ec717078bf328407186b16d3ba6ef174166252b43af6983a5e866
SSDEEP

6144:2WR4hF2bMQQ/Jj6ej5RrsD2C5u2/qHg/hPnb+RMCLYbJMTL6zYiyOoxxYCp+LhZt:2EQ2S4eM2C8o3nb2pcqTL6zWjY96ZU9

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VLPro667_CR/HookPr.dll
unpack001/VLPro667_CR/OhmRetn.dll
unpack001/VLPro667_CR/VLAutoPr.exe

Files

2df81dab5b3ad2fe747f36312cbcc4b5_JaffaCakes118
.zip
VLPro667_CR/HookPr.dll
.dll windows:5 windows x86 arch:x86

b5fbd00b94cbeb47c3ffc1bf1d78a7c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ohmretn

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

InjectDll
UnmapDll

Sections

.text
Size: 97KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VLPro667_CR/Logs/LucCocLaoTu.log
VLPro667_CR/Maps/BlackItems.txt
VLPro667_CR/Maps/CanVien.map
VLPro667_CR/Maps/CityMaps/City1.map
VLPro667_CR/Maps/CityMaps/City100.map
VLPro667_CR/Maps/CityMaps/City101.map
VLPro667_CR/Maps/CityMaps/City11.map
VLPro667_CR/Maps/CityMaps/City121.map
VLPro667_CR/Maps/CityMaps/City153.map
VLPro667_CR/Maps/CityMaps/City162.map
VLPro667_CR/Maps/CityMaps/City174.map
VLPro667_CR/Maps/CityMaps/City176.map
VLPro667_CR/Maps/CityMaps/City20.map
VLPro667_CR/Maps/CityMaps/City242.map
VLPro667_CR/Maps/CityMaps/City243.map
VLPro667_CR/Maps/CityMaps/City244.map
VLPro667_CR/Maps/CityMaps/City245.map
VLPro667_CR/Maps/CityMaps/City246.map
VLPro667_CR/Maps/CityMaps/City247.map
VLPro667_CR/Maps/CityMaps/City248.map
VLPro667_CR/Maps/CityMaps/City342.map
VLPro667_CR/Maps/CityMaps/City37.map
VLPro667_CR/Maps/CityMaps/City53.map
VLPro667_CR/Maps/CityMaps/City54.map
VLPro667_CR/Maps/CityMaps/City55.map
VLPro667_CR/Maps/CityMaps/City586.map
VLPro667_CR/Maps/CityMaps/City587.map
VLPro667_CR/Maps/CityMaps/City588.map
VLPro667_CR/Maps/CityMaps/City589.map
VLPro667_CR/Maps/CityMaps/City590.map
VLPro667_CR/Maps/CityMaps/City591.map
VLPro667_CR/Maps/CityMaps/City593.map
VLPro667_CR/Maps/CityMaps/City594.map
VLPro667_CR/Maps/CityMaps/City595.map
VLPro667_CR/Maps/CityMaps/City596.map
VLPro667_CR/Maps/CityMaps/City597.map
VLPro667_CR/Maps/CityMaps/City78.map
VLPro667_CR/Maps/CityMaps/City80.map
VLPro667_CR/Maps/CityMaps/City99.map
VLPro667_CR/Maps/DuocVuong4.map
VLPro667_CR/Maps/HacSa.map
VLPro667_CR/Maps/KhoaLang.map
VLPro667_CR/Maps/MapMenu.ini
VLPro667_CR/Maps/MapNames.ini
VLPro667_CR/Maps/NoPTNames.txt
VLPro667_CR/Maps/PathList.ini
VLPro667_CR/Maps/Paths/KhoaiHoatLam.pth
VLPro667_CR/Maps/Paths/SaMac1.pth
VLPro667_CR/Maps/Paths/SaMac2.pth
VLPro667_CR/Maps/Paths/SaMac3.pth
VLPro667_CR/Maps/Paths/SaMacDiaBieu.pth
VLPro667_CR/Maps/PhongKy0.map
VLPro667_CR/Maps/PhongKy1.map
VLPro667_CR/Maps/RedItems.txt
VLPro667_CR/Maps/SaMac1.map
VLPro667_CR/Maps/SaMac2.map
VLPro667_CR/Maps/SaMac3.map
VLPro667_CR/Maps/SaMacDiaBieu.map
VLPro667_CR/Maps/SellItems.txt
VLPro667_CR/Maps/SonThan.map
VLPro667_CR/Maps/ThienBao.map
VLPro667_CR/Maps/TienCuc.map
VLPro667_CR/Maps/TruongBachBac.map
VLPro667_CR/Maps/TruongBachNam.map
VLPro667_CR/Maps/ViSonDao.map
VLPro667_CR/Maps/X2Items.txt
VLPro667_CR/Maps/YSInfoX.dat
VLPro667_CR/OhmRetn.dll
.dll windows:4 windows x86 arch:x86

55597084847436d0f1aedcb3b797c166

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

wsprintfA

Exports

Exports

GetId
GetProcAddress
Inject
LoadLibraryA
MessageBoxA
UnMap
VirtualAlloc
VirtualFree

Sections

.text
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VLPro667_CR/UiConfig/f4384a73blb7669127c.cfg
VLPro667_CR/VLAutoPr.chm
.chm
VLPro667_CR/VLAutoPr.exe
.exe windows:5 windows x86 arch:x86

44fecaa683cfe0eed78a8836d68948bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

winmm

PlaySoundW

hookpr

InjectDll

user32

InvalidateRgn

gdi32

ExtSelectClipRgn

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter

advapi32

RegEnumKeyW

shell32

Shell_NotifyIconW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoTaskMemFree

oleaut32

SysStringLen

wsock32

closesocket

psapi

GetModuleBaseNameW

Sections

.text
Size: 194KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VLPro667_CR/VLAutoPr.ini

Sharing

General

Malware Config

Signatures

Files

b5fbd00b94cbeb47c3ffc1bf1d78a7c4

Headers

File Characteristics

Imports

ohmretn

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 424KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

55597084847436d0f1aedcb3b797c166

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 512B

44fecaa683cfe0eed78a8836d68948bf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

hookpr

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

psapi

Sections

.text Size: 194KB - Virtual size: 652KB

.rsrc Size: 13KB - Virtual size: 16KB

.text
Size: 97KB - Virtual size: 424KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 3KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 194KB - Virtual size: 652KB

.rsrc
Size: 13KB - Virtual size: 16KB