fd8a932c6fb18e88b2413de8bae7f743_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd8a932c6fb18e88b2413de8bae7f743_JaffaCakes118
Size

5.3MB
MD5

fd8a932c6fb18e88b2413de8bae7f743
SHA1

c470b8f3e7cdb1db19b38678f5b1140c405ec157
SHA256

0a67a84e435488e1439791b0882a03ed1895727d9725fdcfecdd8ede2f3532cd
SHA512

dd1f97dfd25be75da7c372862bad4fe94c021e0a113f4420e3e02044db125db4a51b4ca9d8e4e585de75ffcce7641ffee6589238d8f5487b28ca99f81f6da0b8
SSDEEP

98304:d696daWAMMmT/fox4ohBP42oZNzWVgAhFX+xv8nNiwNJXIEASeSSY4dErWNll:g9oaWAonKjgMX+xvCNiwNKBfbNll

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd8a932c6fb18e88b2413de8bae7f743_JaffaCakes118

Files

fd8a932c6fb18e88b2413de8bae7f743_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5cc235dd606b429af749bcc4d7982503

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

SetServiceStatus

ole32

CoUninitialize

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSSendMessageW

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

psapi

EnumProcesses

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cc235dd606b429af749bcc4d7982503

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

userenv

wtsapi32

wininet

urlmon

psapi

user32

Sections

.text Size: - Virtual size: 20KB

.rdata Size: - Virtual size: 9KB

.data Size: - Virtual size: 6KB

.vmp0 Size: - Virtual size: 3.1MB

.vmp1 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 434B

.text
Size: - Virtual size: 20KB

.rdata
Size: - Virtual size: 9KB

.data
Size: - Virtual size: 6KB

.vmp0
Size: - Virtual size: 3.1MB

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 434B