07bed7a038ef3f4acff3026d9794e66d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07bed7a038ef3f4acff3026d9794e66d_JaffaCakes118
Size

744KB
MD5

07bed7a038ef3f4acff3026d9794e66d
SHA1

94104b6e5f3bdfb2e6380e8e1908daf37dd5f848
SHA256

1b852f6ab500d585d0ebc3b40e0312a1afd6ae191670cdfc4e5f93a32c925969
SHA512

95c89de6ab4a33dfc00c6d306ee111f70b7c3223b85ed0f04a3962ce9ab5e3dca0ae56557f1bde743a02005afaa67a769949a19e75ea1d9caea4cebd875559e5
SSDEEP

12288:rf68zjnT+2a8+p0/IARbJkale360zCA9JK7LdBzSZd6Z/+rXm5AQKa8/VyFcajNp:rjjny2a8S0/1EaleYUKn2ZY2TmAQN0Vi

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07bed7a038ef3f4acff3026d9794e66d_JaffaCakes118

Files

07bed7a038ef3f4acff3026d9794e66d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7a5e8741380188e9690ab650f955465a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetVersion
TerminateProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DestroyWindow

advapi32

OpenSCManagerA

oleaut32

SysFreeString

version

GetFileVersionInfoA

gdi32

DeleteDC

ole32

ProgIDFromCLSID

comctl32

ImageList_GetDragImage

shell32

ShellExecuteA

urlmon

UrlMkGetSessionOption

wsock32

gethostname

oleacc

ObjectFromLresult

ntdll

NtProtectVirtualMemory

gdiplus

GdiplusStartup

iphlpapi

GetAdaptersInfo

imagehlp

MapFileAndCheckSumA

ws2_32

WSAIoctl

atl

AtlAxGetControl

Sections

CODE
Size: - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a5e8741380188e9690ab650f955465a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

urlmon

wsock32

oleacc

ntdll

gdiplus

iphlpapi

imagehlp

ws2_32

atl

Sections

CODE Size: - Virtual size: 768KB

DATA Size: - Virtual size: 75KB

BSS Size: - Virtual size: 14KB

.idata Size: - Virtual size: 13KB

.vmp0 Size: - Virtual size: 91KB

.vmp1 Size: 732KB - Virtual size: 731KB

.reloc Size: 512B - Virtual size: 196B

.rsrc Size: 5KB - Virtual size: 30KB

CODE
Size: - Virtual size: 768KB

DATA
Size: - Virtual size: 75KB

BSS
Size: - Virtual size: 14KB

.idata
Size: - Virtual size: 13KB

.vmp0
Size: - Virtual size: 91KB

.vmp1
Size: 732KB - Virtual size: 731KB

.reloc
Size: 512B - Virtual size: 196B

.rsrc
Size: 5KB - Virtual size: 30KB