d050948cba26749ca0ae38c401cae549_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d050948cba26749ca0ae38c401cae549_JaffaCakes118
Size

4.2MB
MD5

d050948cba26749ca0ae38c401cae549
SHA1

91a3471081352093d319e97abf787ecd7ecbd2d3
SHA256

ebcfd0fc3ecbf9281e9f42e858be21770fd7e3d92facd23d3dc589f01b1a1091
SHA512

ae545ba87d59ef7884da495b8004c0b266e5193511305699bd4b9cbd328a3c4f41f64d943e9def1404ca1323089c027026b632d31f33b995e45b6bff0e65d271
SSDEEP

98304:Jf0gnUUlBQgyoOqHAvtgWgyuccfQ+qDh/d8:h0gUUlqHqMgyuTfQ2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

d050948cba26749ca0ae38c401cae549_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2c58ba983cbcad8b3c06c5b4f999bb55

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:b1:79:90:77:ae:24:1f:bf:5d:35:fb:98:88:ec:eb
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

16/05/2021, 19:42

Not After

13/05/2022, 06:37

Subject

CN=Open Source Developer\, Martin Kleusberg,O=Open Source Developer,L=Niedernhausen,C=DE,1.2.840.113549.1.9.1=#0c146d6b6c6575736265726740676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:3b:c6:30:22:16:0a:30:ff:68:a1:52:d4:2c:2b:e4:fd:01:83:b0
Signer

Actual PE Digest

49:3b:c6:30:22:16:0a:30:ff:68:a1:52:d4:2c:2b:e4:fd:01:83:b0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c58ba983cbcad8b3c06c5b4f999bb55

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

2a:b1:79:90:77:ae:24:1f:bf:5d:35:fb:98:88:ec:ebCertificate

Extended Key Usages

Key Usages

49:3b:c6:30:22:16:0a:30:ff:68:a1:52:d4:2c:2b:e4:fd:01:83:b0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wtsapi32

Sections

.text Size: - Virtual size: 141KB

.rdata Size: - Virtual size: 22KB

.data Size: - Virtual size: 5KB

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 90KB - Virtual size: 89KB

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

2a:b1:79:90:77:ae:24:1f:bf:5d:35:fb:98:88:ec:eb
Certificate

49:3b:c6:30:22:16:0a:30:ff:68:a1:52:d4:2c:2b:e4:fd:01:83:b0
Signer

.text
Size: - Virtual size: 141KB

.rdata
Size: - Virtual size: 22KB

.data
Size: - Virtual size: 5KB

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 90KB - Virtual size: 89KB