f705f66dd1734fef5c3f2a41c7c7254a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f705f66dd1734fef5c3f2a41c7c7254a_JaffaCakes118
Size

70KB
MD5

f705f66dd1734fef5c3f2a41c7c7254a
SHA1

bd03e4008be05c0a0a6edd06ed534fb5144b7f7e
SHA256

af7495ef2a261b0cfdbf30c27344e537728381b4bdf2e8d8ff741fea78c6563d
SHA512

ba5b63ab7f56040a78b3c22c6df10c96a43e82ae330ba5e7590675fa58a9b0df8c6782ffb32355226b01e596f60449f9ea512e5bdb0704f7ca540154f5101061
SSDEEP

1536:JFCWgv5KyLbq8/OUfmGU/MrwU+tpgRh6Tj2KQ7Y:J0JhKuPeGUa+tpcoj2FM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f705f66dd1734fef5c3f2a41c7c7254a_JaffaCakes118

Files

f705f66dd1734fef5c3f2a41c7c7254a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ea9dabdd905e2a98f916aba1c87026fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
GetLastError
CreateMutexA
LoadLibraryA
DeleteCriticalSection
VirtualProtect

user32

wsprintfA
MessageBoxA
GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

GetPixel

wsock32

WSACleanup

wininet

InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

.data
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 356B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea9dabdd905e2a98f916aba1c87026fd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

wsock32

wininet

Exports

Exports

Sections

.data Size: - Virtual size: 152KB

.pdata Size: 52KB - Virtual size: 52KB

.ex_cod Size: - Virtual size: 8KB

.vmp0 Size: - Virtual size: 356B

.rsrc Size: 512B - Virtual size: 3KB

.vmp1 Size: - Virtual size: 2KB

.vmp2 Size: 15KB - Virtual size: 14KB

.reloc Size: 1024B - Virtual size: 536B

.data
Size: - Virtual size: 152KB

.pdata
Size: 52KB - Virtual size: 52KB

.ex_cod
Size: - Virtual size: 8KB

.vmp0
Size: - Virtual size: 356B

.rsrc
Size: 512B - Virtual size: 3KB

.vmp1
Size: - Virtual size: 2KB

.vmp2
Size: 15KB - Virtual size: 14KB

.reloc
Size: 1024B - Virtual size: 536B