394168b2f2cb33908bcb50ce185fef5a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

394168b2f2cb33908bcb50ce185fef5a_JaffaCakes118
Size

4.3MB
MD5

394168b2f2cb33908bcb50ce185fef5a
SHA1

f89b384d59cdca8b2ab4463686b488c4be95ade7
SHA256

07a57e3b4dedb68cd543937c8f3c1074898c1ef7ebdef2500ed2e21e90adc876
SHA512

2fef618e41c30d18b79a07bd23817b898ff7fad415d51faa5d6e58cd2e6f3cb8abb431eebf913696ba3aebe3e893c3b1bce98942a5cb5b513da743d5c21e5e86
SSDEEP

98304:Ci/oJUas6k1aTsRzK/1zVJMo+HhfgomwZMvQmQJquCuQGDJlrEQANECdK:CP+aZ/qfgSZxmEqruQoL1hCdK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

394168b2f2cb33908bcb50ce185fef5a_JaffaCakes118
.exe windows:6 windows x86 arch:x86

f71c99e078aaa1dcdcc10a264209daee

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:de:b5:3f:95:73:37:fb:ea:f9:8c:4a:61:5b:14:9d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-05-2020 00:00

Not After

12-05-2021 12:00

Subject

CN=Mozilla Corporation,OU=Firefox Engineering Operations,O=Mozilla Corporation,L=Mountain View,ST=California,C=US,1.2.840.113549.1.9.1=#0c2072656c656173652b636572746966696361746573406d6f7a696c6c612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:76:8d:27:1d:a3:32:dd:92:25:ee:19:fe:b2:5e:c3:ee:2a:c2:fe
Signer

Actual PE Digest

64:76:8d:27:1d:a3:32:dd:92:25:ee:19:fe:b2:5e:c3:ee:2a:c2:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDC
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateCompatibleBitmap

advapi32

RegCloseKey

shell32

ShellExecuteA

wininet

HttpOpenRequestA

gdiplus

GdipSaveImageToFile

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f71c99e078aaa1dcdcc10a264209daee

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:de:b5:3f:95:73:37:fb:ea:f9:8c:4a:61:5b:14:9dCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

64:76:8d:27:1d:a3:32:dd:92:25:ee:19:fe:b2:5e:c3:ee:2a:c2:feSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

gdiplus

wtsapi32

Sections

.text Size: - Virtual size: 154KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 17KB

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 203KB - Virtual size: 202KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:de:b5:3f:95:73:37:fb:ea:f9:8c:4a:61:5b:14:9d
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

64:76:8d:27:1d:a3:32:dd:92:25:ee:19:fe:b2:5e:c3:ee:2a:c2:fe
Signer

.text
Size: - Virtual size: 154KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 17KB

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 203KB - Virtual size: 202KB