f96d067e7d5686b824c20643c6b44732_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f96d067e7d5686b824c20643c6b44732_JaffaCakes118
Size

160KB
MD5

f96d067e7d5686b824c20643c6b44732
SHA1

61690b33c58d031373a06b877fdd79450f215601
SHA256

98b5d18a022423213f1f9dd6153ad3c44ff2fbbca99ca1bc8a7264d9691bbfeb
SHA512

653116ecea0f8ee32eccae7626a7ba8268479247fa6b29bede6c7320e266888f2c5dcdae25ba58b30fae4a1dfb228ccebb1640722aaa7f41a07b77e49787e2d8
SSDEEP

3072:exYumE23BBZ2qQ7UclF7ZMeNIgJvPQc+jmD6XmaWfNrO/gyK4cHPLna+KcagrPX:qYuYBZxMZMeN9vPQpmDzaWfNrOem+trP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f96d067e7d5686b824c20643c6b44732_JaffaCakes118

Files

f96d067e7d5686b824c20643c6b44732_JaffaCakes118
.dll windows:4 windows x86 arch:x86

360a531d26149cce961600ee3ec47d6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetStartupInfoA
GetSystemDirectoryA
CreateProcessA
HeapFree
ExitProcess
GetModuleFileNameA
GetLastError
lstrcmpiA
lstrcpyA
lstrlenA
lstrcatA
GetProcessHeap
HeapAlloc
LoadLibraryA
GetProcAddress

user32

CharLowerA
wsprintfA

advapi32

GetLengthSid
CloseServiceHandle
CreateServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
OpenServiceA
StartServiceA
FreeSid
OpenSCManagerA

msvcrt

free
_except_handler3
_mbsstr
__CxxFrameHandler
??2@YAPAXI@Z
_initterm
malloc
_adjust_fdiv

Exports

Exports

CopyDirA
CopyDirW
CopyFileA
CopyFileW
CreateDirA
CreateDirCleanFileNameA
CreateDirCleanFileNameW
CreateDirW
DeleteDirA
DeleteDirW
DeleteFileA
DeleteFileW
FileExistsA
FileExistsW
GetCurDirectoryA
GetCurDirectoryW
GetCurFullPathA
GetCurFullPathW
GetFileSizeA
GetFileSizeW
GetFileVersionDWORDA
GetFileVersionDWORDW
GetFileVersionStrA
GetFileVersionStrW
GetKafeOemFilePathA
GetKafeOemFilePathW
MoveFileRebootA
MoveFileRebootW
QueryOEMInt
QueryOEMStrA
QueryOEMStrW
SetOEMFullPathA
SetOEMFullPathW
WriteAllOemData

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

360a531d26149cce961600ee3ec47d6a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.vmp0 Size: 4KB - Virtual size: 688B

.vmp1 Size: 132KB - Virtual size: 128KB

.reloc Size: 4KB - Virtual size: 784B

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 4KB - Virtual size: 688B

.vmp1
Size: 132KB - Virtual size: 128KB

.reloc
Size: 4KB - Virtual size: 784B