fc98ec910dde8fcd6385eb08df1b6d76_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc98ec910dde8fcd6385eb08df1b6d76_JaffaCakes118
Size

52KB
MD5

fc98ec910dde8fcd6385eb08df1b6d76
SHA1

c30f2299c683cd906706f0c94a7ecaea637e658f
SHA256

c2512129ada45c45fd63563ca66bd1726527cc2abe8bd041a7d6adbd5862b8db
SHA512

52cdb83de80acfc93ccddf3a9645718d1d9f8c9335f057bc67dfed41636e29b7e6a5b38759b39127958ce13754956f401b2bad66cbc161bcf15bf63996c27734
SSDEEP

1536:X5KWnuRW5PopbdIScExEaXOQwhwwNlWWZ:2RW5PopbdVcgHXOrwuWI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc98ec910dde8fcd6385eb08df1b6d76_JaffaCakes118

Files

fc98ec910dde8fcd6385eb08df1b6d76_JaffaCakes118
.dll windows:4 windows x86 arch:x86

26440e983166be5772160309d38f8b94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCheckConnectionA

msvcrt

??3@YAXPAX@Z
_strlwr
??2@YAPAXI@Z
_mbscmp
wcslen
mbstowcs
_onexit
__dllonexit
_strupr
_mbsrchr
strrchr
malloc
free
strncmp
strstr
strtol
fseek
fclose
fread
_stat
fopen
??1type_info@@UAE@XZ
__CxxFrameHandler

rasapi32

RasGetConnectStatusA
RasEnumConnectionsA

mfc42

ord2915
ord4204
ord5683
ord5710
ord858
ord941
ord939
ord2818
ord389
ord3229
ord690
ord5204
ord1074
ord6881
ord354
ord5186
ord5442
ord1979
ord665
ord6657
ord5356
ord2393
ord1988
ord540
ord860
ord800
ord537
ord269
ord826
ord600
ord1578
ord6467
ord1243
ord1176

kernel32

LocalFree
LocalAlloc
GetFileSize
CreateFileMappingA
MapViewOfFile
CreateProcessA
SetEndOfFile
GetModuleFileNameA
GetShortPathNameA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
GlobalAlloc
WriteProcessMemory
lstrlenA
MultiByteToWideChar
FindFirstFileA
FindClose
LoadLibraryA
DeleteFileA
TerminateProcess
lstrcpyA
CloseHandle
CreateThread
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLastError
CreateMutexA
GetModuleHandleA
GetCommandLineA
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
OpenProcess
MoveFileA
GetTempFileNameA
UnmapViewOfFile

user32

GetParent
GetWindowTextA
SetForegroundWindow
IsWindowVisible
GetTopWindow
GetWindowDC
VkKeyScanW
GetKeyState
SendInput
SendMessageA
wsprintfA
GetWindow
SetWindowTextA
PostMessageA
FindWindowA
FindWindowExA
CreateWindowExA
SetWindowLongA
LoadBitmapA
ReleaseDC
GetMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
ShowWindow
SetWindowPos
GetCursorPos
GetWindowRect
GetWindowLongA
GetDesktopWindow
GetDC

gdi32

CreateFontA
GetDIBits
RealizePalette
GetStockObject
CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
SelectPalette
SelectObject
SetBkColor
SetTextColor
CreateSolidBrush
GetObjectA
BitBlt

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

shlwapi

PathFileExistsA
StrCmpNIA
StrStrA

iphlpapi

GetAdaptersInfo

Exports

Exports

Runed

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26440e983166be5772160309d38f8b94

Headers

File Characteristics

Imports

wininet

msvcrt

rasapi32

mfc42

kernel32

user32

gdi32

advapi32

shell32

msvcp60

shlwapi

iphlpapi

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 26KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 2KB - Virtual size: 1KB

.vmp0 Size: 3KB - Virtual size: 2KB

.vmp1 Size: 17KB - Virtual size: 17KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 26KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 1KB

.vmp0
Size: 3KB - Virtual size: 2KB

.vmp1
Size: 17KB - Virtual size: 17KB

.reloc
Size: 2KB - Virtual size: 1KB