543d967b277213030a2bbf85583fe6b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

543d967b277213030a2bbf85583fe6b7_JaffaCakes118
Size

350KB
MD5

543d967b277213030a2bbf85583fe6b7
SHA1

ce315cebd7139a6ab1f40010c5cfcb485e7439b0
SHA256

b137755322e18aef74663c4a993feeb4044d53501bf3470e38119c6a3b0f44c1
SHA512

4b24fa9abb855430aa6ba6cd2c22f503ec9635d83916f6e5c3d5633d09a1b52d618fbbda4d84492cb064ee1482c47dddaae22cb57aebb194172afb0d205de898
SSDEEP

6144:adGqdK5aFph/rh+7KMdXfvhtXwjXRRPwbVYoEeogVTifIzKjef:aJ80XhAKMdPo6bGoEtgVOfIGef

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VLAuto4F 2.73/Ohm_vn.sys
unpack001/VLAuto4F 2.73/VLAuto4F 2.73/Hook4F.dll
unpack001/VLAuto4F 2.73/VLAuto4F 2.73/VLAuto4F.exe
unpack001/VLAuto4F 2.73/Virtual HDD.exe

Files

543d967b277213030a2bbf85583fe6b7_JaffaCakes118
.rar
VLAuto4F 2.73/Ohm_vn.sys
.sys windows:4 windows x86 arch:x86

b261edee57d40957b60dfa7bd918933d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
RtlFillMemory
RtlZeroMemory
ZwQuerySystemInformation
sprintf
strcpy
strlen
strncpy
KeServiceDescriptorTable
DbgPrint
IofCompleteRequest

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480B - Virtual size: 461B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 864B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 416B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VLAuto4F 2.73/VLAuto4F 2.73/Hook4F.dll
.dll windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

?StartInject@@YAIPAUHWND__@@0@Z
?StopInject@@YAIPAUHWND__@@@Z

Sections

.text
Size: 100KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VLAuto4F 2.73/VLAuto4F 2.73/Logs/Gib8cVid4n.log
VLAuto4F 2.73/VLAuto4F 2.73/Logs/La9mTrid2uAnh.log
VLAuto4F 2.73/VLAuto4F 2.73/Logs/TSFR01.log
VLAuto4F 2.73/VLAuto4F 2.73/Logs/TSFR02.log
VLAuto4F 2.73/VLAuto4F 2.73/Logs/TSFR03.log
VLAuto4F 2.73/VLAuto4F 2.73/Logs/TSFR04.log
VLAuto4F 2.73/VLAuto4F 2.73/Logs/TSFR05.log
VLAuto4F 2.73/VLAuto4F 2.73/Logs/TSFR06.log
VLAuto4F 2.73/VLAuto4F 2.73/Maps/BlackItems.txt
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CanVien.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City1.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City100.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City101.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City11.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City121.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City153.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City162.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City174.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City176.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City20.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City242.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City243.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City244.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City245.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City246.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City247.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City248.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City342.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City37.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City53.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City54.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City55.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City586.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City587.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City588.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City589.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City590.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City591.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City593.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City594.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City595.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City596.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City597.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City78.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City80.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/CityMaps/City99.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/DuocVuong4.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/HacSa.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/KhoaLang.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/MapMenu.ini
VLAuto4F 2.73/VLAuto4F 2.73/Maps/MapNames.ini
VLAuto4F 2.73/VLAuto4F 2.73/Maps/NoPTNames.txt
VLAuto4F 2.73/VLAuto4F 2.73/Maps/PathList.ini
VLAuto4F 2.73/VLAuto4F 2.73/Maps/Paths/KhoaiHoatLam.pth
VLAuto4F 2.73/VLAuto4F 2.73/Maps/Paths/SaMac1.pth
VLAuto4F 2.73/VLAuto4F 2.73/Maps/Paths/SaMac2.pth
VLAuto4F 2.73/VLAuto4F 2.73/Maps/Paths/SaMac3.pth
VLAuto4F 2.73/VLAuto4F 2.73/Maps/Paths/SaMacDiaBieu.pth
VLAuto4F 2.73/VLAuto4F 2.73/Maps/PhongKy0.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/PhongKy1.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/RedItems.txt
VLAuto4F 2.73/VLAuto4F 2.73/Maps/SaMac1.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/SaMac2.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/SaMac3.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/SaMacDiaBieu.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/SellItems.txt
VLAuto4F 2.73/VLAuto4F 2.73/Maps/SonThan.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/ThienBao.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/TienCuc.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/TruongBachBac.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/TruongBachNam.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/ViSonDao.map
VLAuto4F 2.73/VLAuto4F 2.73/Maps/X2Items.txt
VLAuto4F 2.73/VLAuto4F 2.73/Maps/YSInfoX.dat
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/a3c8a2b19l106aea4ae4.cfg
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/a3c8a31a9lbcf779907.cfg
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/a3c8a3839l85b071f2.cfg
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/a3c8ac439l61691cda.cfg
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/a3c950389l61691ad8.cfg
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/a3c950a19l61691a42.cfg
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/a3c9510a9l61691dac.cfg
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/a3c95e739l61691d16.cfg
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/a3c95edc9l61691d70.cfg
VLAuto4F 2.73/VLAuto4F 2.73/UiConfig/d43230aaclc8dd24d9b.cfg
VLAuto4F 2.73/VLAuto4F 2.73/VLAuto4F.chm
.chm
VLAuto4F 2.73/VLAuto4F 2.73/VLAuto4F.exe
.exe windows:5 windows x86 arch:x86

90d1513d2a3c44bc3092d202f211cade

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

winmm

PlaySoundW

hook4f

?StartInject@@YAIPAUHWND__@@0@Z

user32

SetRect

gdi32

ExtSelectClipRgn

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW

advapi32

RegDeleteKeyW

shell32

Shell_NotifyIconW

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree

oleaut32

SysAllocString

wsock32

htonl

psapi

GetModuleBaseNameW

Sections

.text
Size: 195KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VLAuto4F 2.73/VLAuto4F 2.73/VLAuto4F.ini
VLAuto4F 2.73/Virtual HDD.exe
.exe windows:4 windows x86 arch:x86

7b5fda32a7b53b4135310bd27430b0e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle

kernel32

CloseHandle
CreateFileA
DeviceIoControl
ExitProcess
GetCurrentDirectoryA
GetLastError
GetModuleHandleA
lstrlenA

user32

wsprintfA
CheckDlgButton
DialogBoxParamA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
MessageBoxA
PostQuitMessage
SendMessageA
SetWindowTextA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b261edee57d40957b60dfa7bd918933d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 480B - Virtual size: 461B

.data Size: 864B - Virtual size: 864B

INIT Size: 416B - Virtual size: 412B

.reloc Size: 1KB - Virtual size: 1KB

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 456KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

90d1513d2a3c44bc3092d202f211cade

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

hook4f

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

psapi

Sections

.text Size: 195KB - Virtual size: 640KB

.rsrc Size: 13KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 512B

7b5fda32a7b53b4135310bd27430b0e6

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 782B

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 864B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 480B - Virtual size: 461B

.data
Size: 864B - Virtual size: 864B

INIT
Size: 416B - Virtual size: 412B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 100KB - Virtual size: 456KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 195KB - Virtual size: 640KB

.rsrc
Size: 13KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 782B

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 864B