2a3f06d46c0743f02a5676c32c74631c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2a3f06d46c0743f02a5676c32c74631c_JaffaCakes118
Size

739KB
MD5

2a3f06d46c0743f02a5676c32c74631c
SHA1

d6846ca8ac0a32561b11f08a511033650e79d0d1
SHA256

c7099225292b4dcad5a89519fe20890ed32543bc18fb2519fe0df0e8dae5a54e
SHA512

73b6b1c4f56592d2e234fd169460cf57c77a947846c0b785f4bb18de4574c478f8ac6cd5f21a741f7c47adcb6ae70194523f3c1888a2aa08fb9a5745f3183aae
SSDEEP

12288:MKnbFOkuwXpjL/u3W+LUwPDfbY/tSjD5n/Zy/16XhEZmurROZr9ZjaSXG7m:MMjXp//kW+VnmMj1n/EIXq9RepX+m

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a3f06d46c0743f02a5676c32c74631c_JaffaCakes118

Files

2a3f06d46c0743f02a5676c32c74631c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

667291ada4d4e50e60c89ed5d329a009

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetVersion
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DispatchMessageA

advapi32

ChangeServiceConfigA

oleaut32

SafeArrayGetLBound

version

VerQueryValueA

gdi32

GetTextExtentPoint32A

ole32

CreateStreamOnHGlobal

comctl32

ImageList_Draw

shell32

ShellExecuteA

urlmon

UrlMkGetSessionOption

wsock32

WSACleanup

oleacc

ObjectFromLresult

ntdll

RtlAllocateHeap

gdiplus

GdipLoadImageFromStreamICM

iphlpapi

GetExtendedTcpTable

ws2_32

WSAIoctl

imagehlp

MapFileAndCheckSumA

atl

AtlAxWinInit

Sections

CODE
Size: - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 730KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

667291ada4d4e50e60c89ed5d329a009

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

urlmon

wsock32

oleacc

ntdll

gdiplus

iphlpapi

ws2_32

imagehlp

atl

Sections

CODE Size: - Virtual size: 770KB

DATA Size: - Virtual size: 75KB

BSS Size: - Virtual size: 14KB

.idata Size: - Virtual size: 13KB

.vmp0 Size: - Virtual size: 92KB

.vmp1 Size: 730KB - Virtual size: 729KB

.reloc Size: 512B - Virtual size: 104B

.rsrc Size: 5KB - Virtual size: 30KB

CODE
Size: - Virtual size: 770KB

DATA
Size: - Virtual size: 75KB

BSS
Size: - Virtual size: 14KB

.idata
Size: - Virtual size: 13KB

.vmp0
Size: - Virtual size: 92KB

.vmp1
Size: 730KB - Virtual size: 729KB

.reloc
Size: 512B - Virtual size: 104B

.rsrc
Size: 5KB - Virtual size: 30KB