General

  • Target

    3fdf0da6a4073dad71dc407b7605905f_JaffaCakes118

  • Size

    17.1MB

  • MD5

    3fdf0da6a4073dad71dc407b7605905f

  • SHA1

    468fe492296dc548fe8a9aa170c3951b20f60083

  • SHA256

    5a0262d8cfe035812b13efaf1372825f275a71eec77108ab5a139fc930076198

  • SHA512

    80e6e5a8b4ef3954544359ea4a68cc4fd28f8f661a9af429267dd2cb60bb97dfa810df0a116383d43cf1bf7fa7d665a810fe3561ef8a745bb25df26f1f0c0ded

  • SSDEEP

    393216:2PbyRPDh3PphHIvE0zUBz4wZLZBiFSyBza8KWg+Pdv4Gfqmq0gNwAmrWYekQ:2gdovBWLzlyNa8i+hvfqmq056Y8

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 14 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files. The hit is nxp5.pdf in the server package; its five extracted URLs are listed under Files.

  • Unsigned PE 83 IoCs

    Checks for missing Authenticode signature. Of the 96 PE files listed under Files, the 13 whose entry includes a Code Sign panel (EL1G2k.SYS, EL1GXP.SYS, i82567.sys, i825752k.sys, i82575xp.sys, iscsiprt.sys, msiscsi.sys, pro1002k.sys, pro100xp.sys, pro1G2k.SYS, pro1GXP.sys, wm_hooks.dll, vncviewer.exe) carry a certificate table; whether those signatures validate is not shown here. The remaining 83 have none, which is what this count reflects.

  • NSIS installer 4 IoCs
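The four signatures above are all static header or byte-pattern checks. The following is an added example, not code from the report or from the NetZone software, showing how each of them is evaluated against a PE image: the target OS version the report renders as "windows:N", presence of an Authenticode certificate table (the "Unsigned PE" rule), the ".aspack"/".adata" section names that ASPack 2.x writes, and the "NullsoftInst" marker of an NSIS stub. The PE built by build_pe() is constructed in memory for the demo and is not one of the files listed below; treating the "windows:N" tag as the MajorOperatingSystemVersion field is an assumption.

```python
"""Header checks corresponding to the report's signature hits.
Added example; the PE image from build_pe() is constructed for the demo."""
import struct

# Section names ASPack 2.x adds to a packed image.
ASPACK_SECTIONS = {b".aspack", b".adata"}
# Magic string in the NSIS 'firstheader' that opens the installer's data block.
NSIS_MARKER = b"NullsoftInst"
# Index of IMAGE_DIRECTORY_ENTRY_SECURITY in the optional header's data directories.
SECURITY_DIR = 4


def parse_pe(data: bytes) -> dict:
    """Pull a few facts from a PE32 or PE32+ image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # MajorOperatingSystemVersion (+40) and MajorSubsystemVersion (+48) sit at the
    # same offsets in PE32 and PE32+.
    os_major = struct.unpack_from("<H", data, opt + 40)[0]
    sub_major = struct.unpack_from("<H", data, opt + 48)[0]
    # Data directories start at +96 (PE32) or +112 (PE32+). A non-zero security
    # directory size means a certificate table is attached; validity is a separate question.
    dirs = opt + (96 if magic == 0x10B else 112)
    _, cert_size = struct.unpack_from("<II", data, dirs + SECURITY_DIR * 8)
    table = opt + opt_size
    names = [data[table + i * 40:table + i * 40 + 8].rstrip(b"\0") for i in range(nsections)]
    return {
        "arch": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        # Assumption: the report's 'windows:N' tag is the OS-version major field.
        "windows": f"windows:{os_major}",
        "subsystem_major": sub_major,
        "signed": cert_size != 0,
        "sections": names,
    }


def triage(data: bytes) -> dict:
    """Header facts plus the two byte-pattern checks the report's rules use."""
    info = parse_pe(data)
    info["aspack"] = any(n in ASPACK_SECTIONS for n in info["sections"])
    info["nsis"] = NSIS_MARKER in data
    return info


def build_pe(os_major=5, sections=(b".text",), signed=False, trailer=b"") -> bytes:
    """Constructed minimal PE32 (headers only, no code) so the checks run offline."""
    nsect = len(sections)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsect, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                       # ImageBase
    struct.pack_into("<H", opt, 40, os_major)
    struct.pack_into("<H", opt, 48, os_major)
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    body_len = len(dos) + len(coff) + len(opt) + 40 * nsect + len(trailer)
    if signed:
        # The security directory holds a raw file offset; point it at an 8-byte dummy blob at EOF.
        struct.pack_into("<II", opt, 96 + SECURITY_DIR * 8, body_len, 8)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in sections)
    return dos + coff + bytes(opt) + table + trailer + (b"\0" * 8 if signed else b"")


if __name__ == "__main__":
    clean = build_pe(os_major=5)
    packed = build_pe(os_major=4, sections=(b".text", b".aspack", b".adata"),
                      signed=True, trailer=NSIS_MARKER)
    for name, img in (("clean", clean), ("packed", packed)):
        print(name, triage(img))
```

The "signed" result only says a certificate table is attached; a sandbox still has to chain and verify it, and an ASPack hit on a driver listed here means the kernel-mode code is only inspectable after unpacking.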

Files

  • 3fdf0da6a4073dad71dc407b7605905f_JaffaCakes118
    .rar
  • help.txt
  • readme.html
    .html
  • readme.txt
  • 客户端/nxdcli5-5.8.0.303.exe (客户端 = "client")
    .exe windows:4 windows x86 arch:x86
    MD5 099c0646ea7282d232219f8807883be0 (identical to 服务端/NXP-6.0.0.176.exe)
    Headers, Imports, Sections
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    MD5 b1cd0d78f652ce5fc63f0879371af012
    Headers, Imports, Exports, Sections
  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86
    MD5 d23fbd09100caad5e10f17163f511668
    Headers, Imports, Exports, Sections
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • 3c90x.reg
  • 3c90xbc.reg
  • 3c90xbcxp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 c65dc508abd6df2e55074056c2cbf4aa
    Headers, Imports, Sections
  • 3c90xxp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 8c0b5a80103459dc2b24f28c1132dc7f
    Headers, Imports, Sections
  • 81392k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 95bde89413123c4a2a03ca2a774a6671
    Headers, Imports, Sections
  • 8139xp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 5312cc67fbdb4591c040101e7b41c91c
    Headers, Imports, Sections
  • 81682k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 1119fcf0746f0f53b94ff01ae1302c31
    Headers, Imports, Sections
  • 8168xp.sys
    .sys windows:6 windows x86 arch:x86
    MD5 6dc9e49e15823150a029a6084ae82c02
    Headers, Imports, Sections
  • 81xx2k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 2225659ddb26037da556c2c09c549e01
    Headers, Imports, Sections
  • 81xxxp.sys
    .sys windows:6 windows x86 arch:x86
    MD5 16ef70fb386671afd8fd87e8b59c0a01
    Headers, Imports, Sections
  • E82567.reg
  • E82575.reg
  • EL1G2k.SYS
    .sys windows:5 windows x86 arch:x86
    MD5 17c6b85e25b04a4d515f1db96eeb5fa8
    Code Sign, Headers, Imports, Sections
  • EL1GXP.SYS
    .sys windows:5 windows x86 arch:x86
    MD5 1105196505ff77cf5212cf02085a9cee (identical to i82567.sys)
    Code Sign, Headers, Imports, Sections
  • ExMon.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    Headers, Exports, Sections
  • LDK5AUX.BIN
    .dll regsvr32 windows:4 windows x86 arch:x86
    Headers, Exports, Sections
  • MCP.REG
  • NIC.INI
  • OemText_en.ini
  • OemText_gb.ini
  • Rtl8169.reg
  • SISNIC2K.sys
    .sys windows:5 windows x86 arch:x86
    MD5 8aa8b9a9a06c53cde7b4adbeae5943ea
    Headers, Imports, Sections
  • SISNICXP.sys
    .sys windows:5 windows x86 arch:x86
    MD5 aa8176f2de1d75da9a4f5fe5d32e337b
    Headers, Imports, Sections
  • ar81.reg
  • ar812k.sys
    .sys windows:6 windows x86 arch:x86
    MD5 8f6a831f328fdcf947e91fbe631f1f35
    Headers, Imports, Sections
  • ar81xp.sys
    .sys windows:6 windows x86 arch:x86
    MD5 14176855da08c6cecda5aff83fcbbe6c
    Headers, Imports, Sections
  • at1G2k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 71c87d374f4183c70b6c7d8152d59044
    Headers, Imports, Sections
  • at1Gxp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 0b7b92a4b92ec993d1ecc970120a04f8
    Headers, Imports, Sections
  • atcl001.reg
  • atcl002.reg
  • atl22k.sys
    .sys windows:6 windows x86 arch:x86
    MD5 2da7d138a326b7c8a70232f632df1e85
    Headers, Imports, Sections
  • atl2xp.sys
    .sys windows:6 windows x86 arch:x86
    MD5 f9502926ed53de81229656699b0fc69a
    Headers, Imports, Sections
  • b44xx2k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 297111a615c19a701849faf54416fee4
    Headers, Imports, Sections
  • b44xxxp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 6ca8680a0026d48347ab36a161b43d90
    Headers, Imports, Sections
  • b57xx2k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 67e6790ed8f7ab72c7a6520d361d6603
    Headers, Imports, Sections
  • b57xxxp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 5f271a035c74775d857100d6c5737778
    Headers, Imports, Sections
  • bcm44xx.reg
  • bcm57xx.reg
  • cfgmgr.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • cliBD.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • cliUp.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • cliloc.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • cliopt.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • concpl.cpl
    .dll windows:4 windows x86 arch:x86
    Headers, Exports, Sections
  • devcon.exe
    .exe windows:5 windows x86 arch:x86
    MD5 4a8b1b3af5ed6b972156a2972693a918
    Headers, Imports, Sections
  • e1000.reg
  • e100b.reg
  • elexpress.reg
  • fetndis.reg
  • i82567.sys
    .sys windows:5 windows x86 arch:x86
    MD5 1105196505ff77cf5212cf02085a9cee (identical to EL1GXP.SYS)
    Code Sign, Headers, Imports, Sections
  • i825752k.sys
    .sys windows:6 windows x86 arch:x86
    MD5 24dca51aec7cf1bbdc45f347be4be8b7
    Code Sign, Headers, Imports, Sections
  • i82575xp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 548a6f276ba842cdad54419171296a3e
    Code Sign, Headers, Imports, Sections
  • iscsiprt.sys
    .sys windows:5 windows x86 arch:x86
    MD5 3d324a623b7b901c4fad48b469fe4e01
    Code Sign, Headers, Imports, Exports, Sections
  • marvell.reg
  • mcp12k.sys
    .sys windows:4 windows x86 arch:x86
    MD5 57eb8d26cc6259b1f24ea6fea8db401d (identical to mcp32k.sys)
    Headers, Imports, Sections
  • mcp1xp.sys
    .sys windows:4 windows x86 arch:x86
    MD5 668ae4fde55587dc876857a9d3258231
    Headers, Imports, Sections
  • mcp32k.sys
    .sys windows:4 windows x86 arch:x86
    MD5 57eb8d26cc6259b1f24ea6fea8db401d (identical to mcp12k.sys)
    Headers, Imports, Sections
  • mcp3xp.sys
    .sys windows:4 windows x86 arch:x86
    MD5 478b8ca0898b8e664a2332b2bcf2042c
    Headers, Imports, Sections
  • mcp52k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 b7ddcfa565dba3876b08ad9397870f4a (identical to mcp5xp.sys)
    Headers, Imports, Sections
  • mcp5xp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 b7ddcfa565dba3876b08ad9397870f4a (identical to mcp52k.sys)
    Headers, Imports, Sections
  • msiscsi.sys
    .sys windows:5 windows x86 arch:x86
    MD5 f6e2cfef4795caec881ad7abd79b0b15
    Code Sign, Headers, Imports, Sections
  • nvefd2k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 3f081f94031ceb0cd044dfd05c53e950
    Headers, Imports, Sections
  • nvefdxp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 e1f88564699b64b8b75207d1ee9d3a15
    Headers, Imports, Sections
  • nvmcp.reg
  • nvn_bus.sys
    .sys windows:5 windows x86 arch:x86
    MD5 c9096b64162f4ba680d2e54d2ec6a76a
    Headers, Imports, Sections
  • nvnrm.sys
    .sys windows:5 windows x86 arch:x86
    MD5 580719f84af0acaa729eb9023c443274
    Headers, Imports, Exports, Sections
  • nvphy.bin
  • nxd2k.sys
    .sys windows:6 windows x86 arch:x86
    MD5 5fb40b7b85753402466b38fea98e207b
    Headers, Imports, Sections
  • nxddsk.inf
  • nxddsk2k.sys
    .sys windows:6 windows x86 arch:x86
    MD5 73cdd798b46ec55d91de7c5c10476de1
    Headers, Imports, Sections
  • nxddskxp.sys
    .sys windows:6 windows x86 arch:x86
    MD5 c82222fda4d42a496b368586f594f191
    Headers, Imports, Sections
  • nxdhlp.sys
    .sys windows:6 windows x86 arch:x86
    MD5 e38b5efbae1b51ff6ce4f7a6eb669d9b
    Headers, Imports, Sections
  • nxdstat.sys
    .sys windows:5 windows x86 arch:x86
    MD5 90da76d5d15304e166a0dceb31211d89
    Headers, Imports, Sections
  • nxdxp.sys
    .sys windows:6 windows x86 arch:x86
    MD5 6ac1cab3dd1891452233e5fbff566290
    Headers, Imports, Sections
  • nxpauxsvc.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • nxplan_en.ini
  • nxplan_gb.ini
  • nxprun.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • nzFile.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • nzcacflt.sys
    .sys windows:6 windows x86 arch:x86
    MD5 cbc8a8797f34490c60b30ae0fcd715c2
    Headers, Imports, Sections
  • nzcacflt2k.sys
    .sys windows:6 windows x86 arch:x86
    MD5 7571fe437c93279bfe996c7c845e450f
    Headers, Imports, Sections
  • nzfc.dll
    .dll windows:4 windows x86 arch:x86
    MD5 71d14ce8f73ae03149205ae47b33ce99
    Headers, Imports, Exports, Sections
  • nznat.exe
    .sys windows:4 windows x86 arch:x86
    Headers, Sections
  • nznotify.dll
    .dll windows:4 windows x86 arch:x86
    Headers, Exports, Sections
  • nzviewer_en.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • nzviewer_gb.exe
    .exe windows:4 windows x86 arch:x86
    MD5 d4b535eb79075ea37920d04cf1aa43c2
    Headers, Imports, Sections
  • oeminfo_en.ini
  • oeminfo_gb.ini
  • oemlogo_en.bmp
  • oemlogo_gb.bmp
  • pro1002k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 6e153699ad1c1389a501f00e58143dde
    Code Sign, Headers, Imports, Sections
  • pro100xp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 d26eea91e5fcb653ee714c9160bad2f3
    Code Sign, Headers, Imports, Sections
  • pro1G2k.SYS
    .sys windows:5 windows x86 arch:x86
    MD5 54fd9548f59dfb084087cb346a76054d
    Code Sign, Headers, Imports, Sections
  • pro1GXP.sys
    .sys windows:5 windows x86 arch:x86
    MD5 0312cad2045a4b4be6a865c822fed8fa
    Code Sign, Headers, Imports, Sections
  • rtl8139.reg
  • rtlenic.reg
  • sis900.reg
  • swapflt.sys
    .sys windows:6 windows x86 arch:x86
    MD5 4bb4c5a925e16122ed6b37d5b5cefd5a
    Headers, Imports, Sections
  • swapflt2k.sys
    .sys windows:6 windows x86 arch:x86
    MD5 a4ae2873917907fa1f038ccdbd7977bb
    Headers, Imports, Sections
  • synccfg.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • uli.reg
  • uli2k.sys
    .sys windows:5 windows x86 arch:x86
    MD5 c97bad6fbbd27a52a3966701d220a404
    Headers, Imports, Sections
  • ulixp.sys
    .sys windows:5 windows x86 arch:x86
    MD5 d87b0dcb7b38621c16e2abe32342c53d
    Headers, Imports, Sections
  • vmwnet.reg
  • vmwnet.sys
    .sys windows:5 windows x86 arch:x86
    MD5 e23b5f282b6415e97495ad6f47f166eb
    Headers, Imports, Exports, Sections
  • volswap.sys
    .sys windows:6 windows x86 arch:x86
    MD5 a4144180efd627d982b577d55a1d74bf
    Headers, Imports, Sections
  • vt3119.reg
  • vt3119.sys
    .sys windows:5 windows x86 arch:x86
    MD5 24ce92baa39d26dcfdec48eccd615259
    Headers, Imports, Sections
  • vt61xx.sys
    .sys windows:5 windows x86 arch:x86
    MD5 2c73a6ebbd15111dc4b6af7c51aa8e44
    Headers, Imports, Sections
  • winvnc4.exe
    .exe windows:4 windows x86 arch:x86
    MD5 42dd56a32f8f1cd851db20b435b9b12d
    Headers, Imports, Sections
  • wm_hooks.dll
    .dll windows:4 windows x86 arch:x86
    MD5 03d2da4043cce27fa9166306d9287c11
    Code Sign, Headers, Imports, Exports, Sections
  • ykxp2k.sys
    .sys windows:6 windows x86 arch:x86
    MD5 234f52e4debee527377afae0500a7aa5
    Headers, Imports, Sections
  • 服务端/NXP-6.0.0.176.exe (服务端 = "server")
    .exe windows:4 windows x86 arch:x86
    MD5 099c0646ea7282d232219f8807883be0 (identical to 客户端/nxdcli5-5.8.0.303.exe)
    Headers, Imports, Sections
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    MD5 b1cd0d78f652ce5fc63f0879371af012
    Headers, Imports, Exports, Sections
  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86
    MD5 d23fbd09100caad5e10f17163f511668
    Headers, Imports, Exports, Sections
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • CRTF.DAT
  • QTINTF.DLL
    .dll windows:4 windows x86 arch:x86
    MD5 ed2e9704a88ac23cf71d7afbae3ece78
    Headers, Imports, Exports, Sections
  • StopSvc.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • VERSION
  • b5.lan
  • disks/10G.z
  • disks/120G.z
  • disks/128M.z
  • disks/160G.z
  • disks/1G.z
  • disks/200G.z
  • disks/20G-DOS.z
  • disks/20G.z
  • disks/240G.z
  • disks/256M.z
  • disks/2G.z
  • disks/320G.z
  • disks/3G.z
  • disks/40G.z
  • disks/512M.z
  • disks/5G-DOS.z
  • disks/5G.z
  • disks/64M.z
  • disks/80G.z
  • disks/dos.z
  • disks/nxpswap.pak
  • disks/nxpswap.z
  • nxp5.lan
  • nxp5.pdf
    .pdf
    • http://nxp-1.0.xx.run
    • http://nxp-5.0.xx.run
    • http://reg.netzonesoft.com
    • http://www.netzonesoft.com
    • http://www.netzonesoft.com/
  • nxpboot.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • nxpbootmgr.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • nxpio.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • nxpiomgr.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • nxpsync.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • vncviewer.exe
    .exe windows:4 windows x86 arch:x86
    MD5 2481f304730138d08040e9b3ae65d04c
    Code Sign, Headers, Imports, Sections
  • 注册/CRTF.DAT (注册 = "registration")
  • 注册/nxpboot.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • 注册/nxpboot.exf
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • 注册/nxpbootmgr.exe
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
  • 注册/nxpbootmgr.exf
    .exe windows:4 windows x86 arch:x86
    Headers, Sections
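The nxp5.pdf entry above is what the "One or more HTTP URLs in PDF identified" signature fired on. The following is an added example, not part of the report or of the NetZone software, showing the byte-level URL scan such a rule performs and the gap it leaves: a link placed inside a FlateDecode-compressed object is invisible to a raw grep until the stream is inflated. The PDF is constructed inline by build_sample_pdf() and is not the report's nxp5.pdf; the two hostnames in it are reused from the report purely as sample strings.

```python
"""URL extraction from a PDF, raw scan versus inflated streams.
Added example; the input from build_sample_pdf() is constructed for the demo."""
import re
import zlib

# Plain-text URL pattern. Parentheses and angle brackets are excluded so a PDF
# literal string such as /URI (http://host/) does not swallow its delimiter.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&*+,;=%-]+")
# 'stream' ... 'endstream' bodies; the lookbehind stops 'endstream' matching as a start.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)


def raw_urls(pdf: bytes) -> set:
    """What a byte-level grep sees: only uncompressed occurrences."""
    return set(URL_RE.findall(pdf))


def pdf_urls(pdf: bytes) -> set:
    """Raw hits plus anything inside streams whose dictionary names /FlateDecode."""
    found = raw_urls(pdf)
    for m in STREAM_RE.finditer(pdf):
        # The stream dictionary immediately precedes the keyword; inspect a bounded window.
        head = pdf[max(0, m.start() - 256):m.start()]
        if b"/FlateDecode" not in head:
            continue
        try:
            body = zlib.decompress(m.group(1))
        except zlib.error:
            continue  # truncated or not really deflate-encoded: skip rather than abort the scan
        found.update(URL_RE.findall(body))
    return found


def build_sample_pdf() -> bytes:
    """Constructed two-object PDF: one link in clear text, one inside a Flate stream."""
    hidden = b"<< /S /URI /URI (http://reg.netzonesoft.com) >>"
    comp = zlib.compress(hidden)
    return (
        b"%PDF-1.4\n"
        b"1 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI /URI (http://www.netzonesoft.com/) >> >>\nendobj\n"
        b"2 0 obj\n<< /Length " + str(len(comp)).encode() + b" /Filter /FlateDecode >>\nstream\n"
        + comp + b"\nendstream\nendobj\n"
        b"%%EOF\n"
    )


if __name__ == "__main__":
    sample = build_sample_pdf()
    print("raw grep:", sorted(raw_urls(sample)))
    print("with inflate:", sorted(pdf_urls(sample)))
```

Two limits worth knowing before relying on a scan like this: a URI written as a PDF hex string (`/URI <68747470...>`) or split across an escaped line break will not match the pattern, and streams using other filters (LZW, ASCII85, object streams) are not inflated here. Both are cheap ways for a document to keep links out of a static rule's view.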