f9fdd7d81ee155f12836113626ce6526_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f9fdd7d81ee155f12836113626ce6526_JaffaCakes118
Size

56KB
MD5

f9fdd7d81ee155f12836113626ce6526
SHA1

a8adfc0ffa651fd08d276f073c239017bb8efd68
SHA256

2b57a2b8a622aa5ef89e036790e448570a350fb5be4fdb7c7d1d0279420fae27
SHA512

f3395aa53d730f9f92f74e0a6a27da95856af827092f7a2e0e36dc25e495734c9d47d90a70160631c10dff4fee8f469f6620410a0b51beccffb2e44e9529efc0
SSDEEP

768:h7QhMER88BiKh4FpPbkGmL4+iezv4HG4grhxxKzHNW2:h7QhS8wfpYGy7iAsA2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9fdd7d81ee155f12836113626ce6526_JaffaCakes118

Files

f9fdd7d81ee155f12836113626ce6526_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aebdbfb40c6708155f30d095ee4627dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExA

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3922
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3953
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1176
ord3825
ord1116
ord269

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
__CxxFrameHandler
fopen
fwrite
fclose

kernel32

LocalFree
GetLocalTime
GetCurrentProcessId
lstrcatA
GetCurrentThreadId
lstrcpyA
GetCurrentProcess
LocalAlloc

user32

wsprintfA
GetWindowTextA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
GetActiveWindow
OpenDesktopA
SetThreadDesktop
SetWindowsHookExA
CallNextHookEx
GetKeyboardState
ToAscii
SetProcessWindowStation

Exports

Exports

SK

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aebdbfb40c6708155f30d095ee4627dc

Headers

File Characteristics

Imports

psapi

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

Share Size: 4KB - Virtual size: 264B

.rsrc Size: 4KB - Virtual size: 16B

.vmp0 Size: 4KB - Virtual size: 576B

.vmp1 Size: 24KB - Virtual size: 21KB

.reloc Size: 4KB - Virtual size: 1008B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

Share
Size: 4KB - Virtual size: 264B

.rsrc
Size: 4KB - Virtual size: 16B

.vmp0
Size: 4KB - Virtual size: 576B

.vmp1
Size: 24KB - Virtual size: 21KB

.reloc
Size: 4KB - Virtual size: 1008B