fd626894a237808ce7282f3c300b54bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd626894a237808ce7282f3c300b54bd_JaffaCakes118
Size

916KB
MD5

fd626894a237808ce7282f3c300b54bd
SHA1

5c46caf0b8cd3554d7854e43d165cab425c702bb
SHA256

b34c999f1090a2e4d97841a7b7d002c3ef43fcc272be74c80631cf0c4336df0a
SHA512

401f91ceffac095dd2ed5bb2c368f982f9f7926121dce8d00d3f56c0e3ef56efa4db0ff92c45da84a802ab75b377fa5a3236b771284786a5efa11df48c26beb5
SSDEEP

24576:7Xr/mTeC/sHyK+MaZD+UaIbey317AnxtkLabFqG:7XTmTMHnuh+UFyy3CfWaZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd626894a237808ce7282f3c300b54bd_JaffaCakes118

Files

fd626894a237808ce7282f3c300b54bd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

eb6bcc5579004f1bacfb1bf3afcc1d32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutWrite

ws2_32

WSAAsyncSelect

kernel32

DeleteFileA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetScrollRange

gdi32

SaveDC

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

LoadTypeLi

comctl32

ImageList_Destroy

comdlg32

ChooseColorA

Exports

Exports

??��?��??��yD��
?��?��
RunDllHostCallBack
��??��?1��?��Call

Sections

.text
Size: - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 896KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb6bcc5579004f1bacfb1bf3afcc1d32

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 695KB

.rdata Size: - Virtual size: 104KB

.data Size: - Virtual size: 219KB

.rsrc Size: 12KB - Virtual size: 23KB

.vmp0 Size: - Virtual size: 88KB

.vmp1 Size: - Virtual size: 522KB

.vmp2 Size: 896KB - Virtual size: 892KB

.reloc Size: 4KB - Virtual size: 192B

.text
Size: - Virtual size: 695KB

.rdata
Size: - Virtual size: 104KB

.data
Size: - Virtual size: 219KB

.rsrc
Size: 12KB - Virtual size: 23KB

.vmp0
Size: - Virtual size: 88KB

.vmp1
Size: - Virtual size: 522KB

.vmp2
Size: 896KB - Virtual size: 892KB

.reloc
Size: 4KB - Virtual size: 192B