c869b54216245e40872011de3da5a563_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c869b54216245e40872011de3da5a563_JaffaCakes118
Size

4.2MB
MD5

c869b54216245e40872011de3da5a563
SHA1

92b55c826a506df8868ca157b036bd82108917a9
SHA256

9a83b218576d40b3bf62141a509ec74f595056e052e1d6b8fe556d6bff6ac975
SHA512

8447c9b1f9b397b948264bbfd24f1e508575b94caae09cde03094f299eddec3d079f6fd0ec049e5a5f32cb56ec33f0cc834478b321ce75451133d615091d5dcf
SSDEEP

98304:Jf0gnUUlBQgyoOqHAvtgWgyuccfQ+qDh/d2:h0gUUlqHqMgyuTfQ4

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

c869b54216245e40872011de3da5a563_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2c58ba983cbcad8b3c06c5b4f999bb55

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:b1:79:90:77:ae:24:1f:bf:5d:35:fb:98:88:ec:eb
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

16/05/2021, 19:42

Not After

13/05/2022, 06:37

Subject

CN=Open Source Developer\, Martin Kleusberg,O=Open Source Developer,L=Niedernhausen,C=DE,1.2.840.113549.1.9.1=#0c146d6b6c6575736265726740676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

93:07:86:b7:01:16:7d:5f:be:c2:d0:9e:00:6e:23:fb:9b:e3:d4:b4
Signer

Actual PE Digest

93:07:86:b7:01:16:7d:5f:be:c2:d0:9e:00:6e:23:fb:9b:e3:d4:b4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c58ba983cbcad8b3c06c5b4f999bb55

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

2a:b1:79:90:77:ae:24:1f:bf:5d:35:fb:98:88:ec:ebCertificate

Extended Key Usages

Key Usages

93:07:86:b7:01:16:7d:5f:be:c2:d0:9e:00:6e:23:fb:9b:e3:d4:b4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wtsapi32

Sections

.text Size: - Virtual size: 141KB

.rdata Size: - Virtual size: 22KB

.data Size: - Virtual size: 5KB

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 90KB - Virtual size: 89KB

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

2a:b1:79:90:77:ae:24:1f:bf:5d:35:fb:98:88:ec:eb
Certificate

93:07:86:b7:01:16:7d:5f:be:c2:d0:9e:00:6e:23:fb:9b:e3:d4:b4
Signer

.text
Size: - Virtual size: 141KB

.rdata
Size: - Virtual size: 22KB

.data
Size: - Virtual size: 5KB

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 90KB - Virtual size: 89KB