e79e3c59f516ff08b3504c13d6a37ef0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e79e3c59f516ff08b3504c13d6a37ef0_JaffaCakes118
Size

1.1MB
MD5

e79e3c59f516ff08b3504c13d6a37ef0
SHA1

ec2bc306a3bce985572988d26f643618a976aebf
SHA256

feabab980bb4b8ca5661a35a31a2569aad25735c8933aeef8f4110888a928590
SHA512

c73da64754473739ba354bee883461a51c0aa47059b624ad63f2ab18d4f9b3eb4c2a8c90c0ef964586363281f3c3ea4dfc68374ea96f309a6e4653a04893447a
SSDEEP

24576:nSFOpgDugIJA1LveIgop7IfAm/fAfiXKv/VN:nSq2IJAxvDg4uXSV/T

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e79e3c59f516ff08b3504c13d6a37ef0_JaffaCakes118

Files

e79e3c59f516ff08b3504c13d6a37ef0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

363e5532de31c48c59fe79d4099535b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

midiOutReset

ws2_32

ioctlsocket

kernel32

VirtualAlloc
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowDC

gdi32

SaveDC

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

VariantClear

comctl32

ImageList_Destroy

comdlg32

GetOpenFileNameA

Exports

Exports

RunDllHostCallBack

Sections

.text
Size: - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 896KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

363e5532de31c48c59fe79d4099535b3

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 630KB

.rdata Size: - Virtual size: 106KB

.data Size: - Virtual size: 255KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 83KB

.vmp1 Size: - Virtual size: 528KB

.vmp2 Size: 896KB - Virtual size: 892KB

.reloc Size: 4KB - Virtual size: 220B

.text
Size: - Virtual size: 630KB

.rdata
Size: - Virtual size: 106KB

.data
Size: - Virtual size: 255KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 83KB

.vmp1
Size: - Virtual size: 528KB

.vmp2
Size: 896KB - Virtual size: 892KB

.reloc
Size: 4KB - Virtual size: 220B