f745cf78f1009edcec0ef9c233438d8b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f745cf78f1009edcec0ef9c233438d8b_JaffaCakes118
Size

880KB
MD5

f745cf78f1009edcec0ef9c233438d8b
SHA1

a6d7f0df4b8f8dc53a772220b74e74efc1d96d62
SHA256

dd91eb5b0aad1d1b4fb973c47aae3a1a21ff8768f483b0141753fbe0bf5bb202
SHA512

153a71587af8dbe745fabde9c7af440a602c9c9eead3ace8f9c0efebe14833ce19ccd41596c020ca7fe5fb87fa107b2392b1b0898e336880f3ba6b66880d49fd
SSDEEP

24576:wSkmxw9yff2cwGQD7d2v9SpoFMQ2NdMNLVTAS7bi:ju6eACz4AS7bi

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f745cf78f1009edcec0ef9c233438d8b_JaffaCakes118

Files

f745cf78f1009edcec0ef9c233438d8b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

510f85f2f44a85360371bcd4eeb8fdd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

winmm

waveOutPause

ws2_32

connect

kernel32

IsBadCodePtr
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetWindowsHookExA

gdi32

SaveDC

winspool.drv

OpenPrinterA

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc

oleaut32

SysStringLen

comctl32

ImageList_Destroy

oledlg

ord8

wininet

HttpOpenRequestA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

510f85f2f44a85360371bcd4eeb8fdd4

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 513KB

.rdata Size: - Virtual size: 280KB

.data Size: - Virtual size: 261KB

.rsrc Size: 140KB - Virtual size: 152KB

.vmp0 Size: - Virtual size: 341KB

.vmp1 Size: 736KB - Virtual size: 735KB

.text
Size: - Virtual size: 513KB

.rdata
Size: - Virtual size: 280KB

.data
Size: - Virtual size: 261KB

.rsrc
Size: 140KB - Virtual size: 152KB

.vmp0
Size: - Virtual size: 341KB

.vmp1
Size: 736KB - Virtual size: 735KB