f3de214faf8e613e8f53d7c1d0155420_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f3de214faf8e613e8f53d7c1d0155420_JaffaCakes118
Size

738KB
MD5

f3de214faf8e613e8f53d7c1d0155420
SHA1

e9fb99bf23a3eb0e6e1868b45381ca2d3853da8b
SHA256

e08d97713ab2cf5f4a9159b0454ecef679d7b2e4d83dd855678b7e701f0b820f
SHA512

ac56ac1f1dd64f60e2536f88864de843b2e82f3911398dff79b0f1e8db2230ce7cca8659fa4b1b4b4b087b521ce19b4fb580bec9eeea6419a17ec598a6ef343c
SSDEEP

12288:JL9+sVzL4mH7xM0xzgXcMnEg3ZZwG89Dr/XYwF32jtd0G4rx38xH8dxgknTJhfZe:Jx4SVZgMMnEg3rK93vYw2LYrxs5knd3m

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/ubiorbitapi_r2.dll	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ubiorbitapi_r2.dll

Files

f3de214faf8e613e8f53d7c1d0155420_JaffaCakes118
.rar
skidrow.nfo
ubiorbitapi_r2.dll
.dll windows:5 windows x86 arch:x86

78743a3f59a8fbd4d912a46e11971a7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSAStartup

kernel32

WaitForSingleObject
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

�� *h��`S�2��"��bf� �icO�*�R�<;��`��%��T�ᴘKb�:��L��pQ��"��Z�>%�;��Z[cZ�w��+ �㯶8��Q��e�A��u��@��jz ��J�\��,�|��,��TIŃ �ɽ-P9a�tP��!�j��^M_��]<��=�wR� ��{bt�z]x1sӸ�JЅ� $kP�;�K�&\��|��M�W�� ;|0�Vޯ�޴Τb2w^e��W�c�\�A��m��NK��l,��;�+P[��T�l�E�� F�m��)��'(�59��7��(-1��&��n +{7��umidY��rY��.'I�Bj��JX��Go�wmnx_N.�?�g(�k��3�0f ��C�'W��W16��!��_��F;`Vb��;��S��Ś�t�9��;�F�ʇ�͹��wn�|K3�8��< ��} k�R��F��;O�̧�2� ֝�ݠ�lYu/��=;��@�H'��5�EK�`|�g@ڒߩ��`6{��ֳT�� |F5%��t�_�V�E�5��b��[�˲�B�'��#TN��}`o>�jp�&S�t��SH]"G ��+kzǠ�R6ƥ�:>%�ڦGv�w>�υ��"�?��@��c�FU�r��lL�*��3�o$g��#�ޮ��d��^�G��86.��J)�d�V�[ɚ��r�B�]. �FcI��:��iÍ<��Y��J��}DB��ǎ��t�s��t~�k��,�2�Z��&N�e8�!��4;��V��&|�� K7qdZ��Q��k��'��i�o�y�o#�R�W w�-��4��J��=|u"�� N*� ��j��ϗ6��S�FG�=��h[� ��#�M��T�l8�Nl��H�q>$=�`�j�u�!��@Z��hvG`�.7��࿐a��l"�䃯q��擩��/0�4L��fa��h�aB��T�L��%C��K?��D�a�-�{�M�p��k;T�'Va�ͻ`��?1M��N�:��W��9�5�Kc$�T�yZ�ΝF}$�7(�-��%�z&��#x!C�vh��x�Z�c�~�A�98k�¿i�ǩ,�~�Y��P��@�cAk(n��t�,A�fs��G0��Ρ3��N�96��Y�zW��ǿ:��⤒�t_U�z�Mу@��@|��ƀֶ�/XDEWb�JQl��c&w��LE�y&��Iv?��P� ��U^�֤��{��=�iDR� 9 ��-mJ�� #��Ѐv�{��w��"*��]��QK��|3��cV.^��6�j�M~u�y1`�Δ5��!HC�܎��g?� 1��גy�|�6�o��F��{l��t}��yF��#��8q��*L:!��p@3��d!�=��SFԉ*l��,�ō��d�l��^$��+��Ҧ` y��%&倎Ƅ;!0 �-��KK��<&�!�/ �f��e��0,F F��E#�ltooR��Xc�?m�U��ޭٳ7��0T�� ?�3xM�ۧI�Վ��dGѽ̬�O�訨�j�A��(�� ,��_u�N�Hί��KZ�\Q��Qz��R�p��ҊƳ߳8X͍�O�.��"�q��!S˻��'� �)��~�1)�$~��b��<�7տPT��ww�>��3U�J��ʝۓGM��^��i�pU�d�X��{iv�05��EFG&^G�"��$!��ڮQDH4�/ �5TǠ��r��-�~�o�6M��L��)��#u��<ŭ�n5`�\Y{��AU祳u��}�5�]Ƭ�mvlK~U��h#��D�4� ^il�v��mj1_�T3!��̖�Tn&�<��,�k:�|f�t�׬<'W�1IVk��Pk@Ұ�mĐJ��Xg� �Z��Zy} ��4��#~�Hs"-�1F?��_x�m�Q�"�8m�� }��d�=mR�p��]��oO��i��0r��7�@G��3x�5��l"[ ��ү^O��a=p�qW��צ�E]h�ƟB"O��z�ȟ� VnE��p��K�_Ո�f��ĺ��]�,��$_�4R͟S0L�z5�?O�:��Y�z#��!K�Mj��:o�ũ��Jq��#��uk��CU�M�8_:��"�'1]#�r�o�3��S�)1DQ�)�g��6��&!#��": ]`��)�N��Z}�N#A��RHX7�ߡ{;�#%�1�w�V �D�� ^��`v��Bj��ZWhQwD��I!�݀�w�o;K ��x��VM�0L�|��;y;Of�{ ccc0>Ph��cI}�=�v� [?%%��u0oX��n��_�C��Y?�r��(�gy�Q7S- Ҋ�g�}�딬ٙ�ƻ�"`�� +�gFGZ@�FT�,�d)!FY��إN �u��=��`@��b��2�u ��cŠV�'�ɿ�E#�,��Ndz�t,�\��X �8r�N�12��%�M��q�~�ᇐ�zV�$�p灢��4��E��U��N��V��{k9,�@*� ��F�9LІ��p{ғ��B�Z""!��g�g�a��$��Bwm�e��7��U9h'�9�%G�/ x��S��Nc�U��,�Ȧ�&�+Dg��g�8|�K"-�h��O��L�:��2�ss�9�� .r�? �`1=eo�s��5z^��a&��G��/g}�22;��/�qH��I��]_��{��=�#�d�0��$��2W� �I�9�=�A|�45��{Ti> Xb�� C��p�svmfCi��{�VBx��sJ��l��5��am�+ y��E#\M
??0OrbitSession@orbitdll@mg@@QAE@PBDG@Z
??0OrbitSession@orbitdll@mg@@QAE@XZ
??0Proxy@orbitdll@mg@@QAE@PAVIFileCallback@12@@Z
??1OrbitSession@orbitdll@mg@@QAE@XZ
??1Proxy@orbitdll@mg@@QAE@XZ
??_FProxy@orbitdll@mg@@QAEXXZ
?ClaimCdKey@OrbitSession@orbitdll@mg@@QAEXIPAVIClaimCdKeyListener@23@PADI@Z
?Close@SavegameReader@orbitdll@mg@@QAEXXZ
?Close@SavegameWriter@orbitdll@mg@@QAEX_N@Z
?CreateAccount@OrbitSession@orbitdll@mg@@QAEXIPAVICreateAccountListener@23@PAD1PAG11EEG_N3@Z
?GetGeoIpCountry@OrbitSession@orbitdll@mg@@QAEXIPAVIGetGeoIpCountryListener@23@@Z
?GetLocText@OrbitSession@orbitdll@mg@@QAEPBGPBGPBD@Z
?GetLoginDetails@OrbitSession@orbitdll@mg@@QAEXIPAVIGetLoginDetailsListener@23@@Z
?GetName@SavegameInfo@orbitdll@mg@@QAEPBGXZ
?GetNetworkTraffic@OrbitSession@orbitdll@mg@@QAEXIPAVIGetNetworkTrafficListener@23@@Z
?GetOrbitServer@OrbitSession@orbitdll@mg@@QAEXIPAVIGetOrbitServerListener@23@II@Z
?GetProductId@SavegameInfo@orbitdll@mg@@QAEIXZ
?GetProxyIfNeeded@Proxy@orbitdll@mg@@QAE_NPBDGAAV?$StaticString@$0BAAA@@common@3@@Z
?GetRequestUniqueId@OrbitSession@orbitdll@mg@@QAEIXZ
?GetSavegameId@SavegameInfo@orbitdll@mg@@QAEIXZ
?GetSavegameList@OrbitSession@orbitdll@mg@@QAEXIPAVIGetSavegameListListener@23@I@Z
?GetSavegameReader@OrbitSession@orbitdll@mg@@QAEXIPAVIGetSavegameReaderListener@23@II@Z
?GetSavegameWriter@OrbitSession@orbitdll@mg@@QAEXIPAVIGetSavegameWriterListener@23@II_N@Z
?GetSize@SavegameInfo@orbitdll@mg@@QAEIXZ
?GetTos@OrbitSession@orbitdll@mg@@QAEXIPAVIGetTosListener@23@PBD1@Z
?IsSavegamesInSync@Proxy@orbitdll@mg@@QAE_NXZ
?IsVersionBanned@OrbitSession@orbitdll@mg@@QAEXIPAVIIsVersionBannedListener@23@II@Z
?LogIn@OrbitSession@orbitdll@mg@@QAEXIPAVILogInListener@23@PADPAG@Z
?LogOut@OrbitSession@orbitdll@mg@@QAEXIPAVILogOutListener@23@@Z
?OwnsProduct@OrbitSession@orbitdll@mg@@QAEXIPAVIOwnsProductListener@23@I@Z
?Read@SavegameReader@orbitdll@mg@@QAEXIPAVISavegameReadListener@23@IPAXI@Z
?RemoveSavegame@OrbitSession@orbitdll@mg@@QAEXIPAVIRemoveSavegameListener@23@II@Z
?SetCookie@Proxy@orbitdll@mg@@QAEXI@Z
?SetName@SavegameWriter@orbitdll@mg@@QAE_NPAG@Z
?SetSavegameSyncCallback@Proxy@orbitdll@mg@@QAEXPAVISavegameSyncCallback@23@@Z
?SetStaticProxy@Proxy@orbitdll@mg@@QAEXPBD@Z
?SetUseOnlineSave@Proxy@orbitdll@mg@@QAEX_N@Z
?Start@Proxy@orbitdll@mg@@QAE_NXZ
?StartLauncher@OrbitSession@orbitdll@mg@@QAE_NIIPBD0@Z
?StartProcessingSavegameSyncTasks@Proxy@orbitdll@mg@@QAEXXZ
?StartSavegameSync@Proxy@orbitdll@mg@@QAEXW4TestMode@SavegameStorage@23@PAVITestStatusCallback@523@@Z
?StopSavegameSync@Proxy@orbitdll@mg@@QAEXXZ
?Update@OrbitSession@orbitdll@mg@@QAEXXZ
?ValidateLauncherCookie@OrbitSession@orbitdll@mg@@QAEXIPAVIValidateLauncherCookieListener@23@I@Z
?ValidateUsername@OrbitSession@orbitdll@mg@@QAEXIPAVIValidateUsernameListener@23@PAD@Z
?Write@SavegameWriter@orbitdll@mg@@QAEXIPAVISavegameWriteListener@23@PAXI@Z
MgOrbitdllGetFakeSession
MgOrbitdllGetLocText
MgOrbitdllGetLoginDetails
MgOrbitdllGetNetworkTraffic
MgOrbitdllGetOrbitServer
MgOrbitdllGetRequestUniqueId
MgOrbitdllGetSavegameList
MgOrbitdllGetSavegameReader
MgOrbitdllGetSavegameWriter
MgOrbitdllGetSession
MgOrbitdllRemoveSavegame
MgOrbitdllSaveGameInfoGetName
MgOrbitdllSaveGameInfoGetProductId
MgOrbitdllSaveGameInfoGetSavegameId
MgOrbitdllSaveGameInfoGetSize
MgOrbitdllSaveGameReaderClose
MgOrbitdllSaveGameReaderRead
MgOrbitdllSaveGameWriterClose
MgOrbitdllSaveGameWriterSetName
MgOrbitdllSaveGameWriterWrite
MgOrbitdllStartLauncher
MgOrbitdllUpdate

Sections

.text
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 746KB - Virtual size: 745KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78743a3f59a8fbd4d912a46e11971a7e

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 173KB

.rdata Size: - Virtual size: 44KB

.data Size: - Virtual size: 17KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 168KB

.vmp0 Size: - Virtual size: 14KB

.vmp1 Size: - Virtual size: 524KB

.vmp2 Size: 746KB - Virtual size: 745KB

.reloc Size: 512B - Virtual size: 148B

.text
Size: - Virtual size: 173KB

.rdata
Size: - Virtual size: 44KB

.data
Size: - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 168KB

.vmp0
Size: - Virtual size: 14KB

.vmp1
Size: - Virtual size: 524KB

.vmp2
Size: 746KB - Virtual size: 745KB

.reloc
Size: 512B - Virtual size: 148B