ffe2e6c7a913f337cc9cac14cefb13b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ffe2e6c7a913f337cc9cac14cefb13b8_JaffaCakes118
Size

257KB
MD5

ffe2e6c7a913f337cc9cac14cefb13b8
SHA1

e7e67a9941a8838a74f7f8733624a52dc9324e40
SHA256

b6efac71bda4acfef4f6c7c8cecc54919978d7f9382f3a069a93e6e81ae3ff56
SHA512

68ad40c61234bc9a7266f162545e33889a67287e884a5d2f80b223380eed0e37dc097f03753d918f2d3d0fc38b2c6aed9ec9d2fa1603a72bf63cd58a0eabd011
SSDEEP

3072:Tk6JzOZDK2IIXtnyTzk6FCLqpv5kTL/wxs3VsWlZ0jpbt+H/m/bMk0jfBHkTtTfc:qRK2IIXtxephkTLWsxkpU+/IXDBkzZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffe2e6c7a913f337cc9cac14cefb13b8_JaffaCakes118

Files

ffe2e6c7a913f337cc9cac14cefb13b8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1955bedac91fee1f677ee663f045396a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
RaiseException
TerminateProcess
GetCommandLineA
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
GetACP
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetCurrentProcess
GetProcessVersion
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetModuleHandleA
SetLastError
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
InterlockedIncrement
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CopyFileA
ExitProcess
LoadLibraryA
GetProcAddress
WriteFile
FreeEnvironmentStringsW
CloseHandle
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
DestroyWindow
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
CreateWindowExA
GetClassLongA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetPropA
GetDC
MessageBoxA

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetClipBox
RestoreDC
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
CreateBitmap
SaveDC
DeleteDC
DeleteObject
SelectObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

Exports

Exports

AddDllToBlacklist
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
GetBlacklistIndex
IsBlacklistInitialized
SuccessfullyBlocked
getGameMarketID
��D񼳥�o�o��@��l�IԼ��G��*�$��P\��;��>p�|\]w~b�S"R��: �p&G_�RF#��Uu�?��s̈��"��^ّH�0�n��8��]��ڭ�Թy��E��n��]t��+�d��lc��(��C�S�4+'�Z�p��b�e99� I4�0� J��&��~`�kl��=T�`�Aa�;�}�\��X�Z.�R�� _�Q�[t�gt\G��ƽ�|Usrt �H�o�1��_E:��50|;u�In/��Ϩ��v@^7��'�ؤD^�t��.�u'x��E��ט��)8�:�M�ς�:*F�8*�� l�ZG�MgM�P݊�*o��'��j�p��;{#��ٲx5��F˖�m��>Up1�+Q��@�BQG%��{�:��F��x�'�o=�|��2�_��w��3�%�W��f�f��kW��id��AwQ�)��y��p��X�N��)��w��+.<E��ˌ�\�mkh�#�VYr�%>f�$?�x�� "9��Q��߅V�3W"�?��o�)O�h��/��{2�� .�sL,�j��W4щ|r��S~9ɵ��F�p�TE�9T�{��徑1�)I�7�] ��RS��D��3J�ˬi��Hsj<�W��7y��Al��Ll��L�@�v��Bc�LғZx'7�uq��.�� z+:�7��k�F�� ;s6�|�[� Q(\�4;�(�*'�r�[��j�NI�"�cg�sx[4�)c=a�&�O\��Zʾ-=�Q�XI�؞�`p�~z?N�+O��JX��J�ncά �FSj�� m.Q��5Dj��'�E��'�4�-��m�|�V�.��G?O�4��>ϩ�je�#�S��ԑv<<a��j�ָ�Mr��R[d?Vz�{,NH�x.13��'��֎�4��s�۩}�q�;�9��X�/x�O�+Ï5wuC�Qb�?c�Z\p��(�=��z�r�J'~7��}��@�,�"�<�* �`��m��eD��R� R%_U%[� ��L�� Lm<!d� ��^1٣�Z}�#��X��t��J.�g�L7@�htAu�<�~�V6��9t�w��N�C��l��w��Rh�P��$w�fXxP��J9*t�8�6�4:��߯�e�[�m.��D*=X�8� ��i��)��5��)vb��C2�W��n,��a�Y�.��~&��ĵ�t�C�t�5i��B��kh�?%��|4b�(�K�n� �v\�kW��׭��.3kp'1�|�R��+3�CC�^Ε|`\*��V�%��J�/?��ߏ�r�| .��p�̉�5�+%k�^ma"O��I��6kԄ9߀U�%oy��+$t9c�2�u� F��W�� g.�˦H8o^��7:�vOT�~l$�d��5��6ckl��AwL#N��R��T��_GK��X�͞��u�fq��#��1��⼭�}�T3�ˢ��g��~��ӕM�c��%�_��R�]��w�>�LF��t�@Z�Mr�"?�3��mNjm$ �EIн�9�� x��m�M��YH� �;��P��b��>{��V��}��D��m�V��jy��c�E��bup0�dds ��e�ߣ�*��n�� &��H?S2��'c�5�Z^'upHyE=�,�3 ��-��G?��d!��z��J�Z/p��,Ge}��|��Ʋ(؋ܫ3��6�@��D�T�N��iO_ǣ��B-��,ѕc"��,i@��f�}k��&�(�)�c$$x��N*+�R��x�Ham+ӵ#�^V?U�Mhl��֛7T�Y�C�[�~Ve-��sA��Tc��U�tW; �'/��f��w�ά��?�V�"3��\-]�v�k��V��V�F� w��8�=nN��hͥ��Z��n�bc��7F�j�oD�&��Uuz~io��xS&z��H��AQ�+�]O��x��ԟ�B��%�ر�K;t��'/j�<�-S��@|��]C��2d��ygݷ��aj�衸��Q�Ɗ�2�Y��zB��O��Z�T��;6�d��lg F�lW3��1��VlD�+9��T<�P�y�0�;"p��cO�FUϖ��a!��];j@F�68dl�ĕQ��p7H!�#~�7�:o��Ns��oq�cE#5����!�tD�P�.�@��^�R��I�T��v�%�ci�j�[��vr�� [н46#�7��2��#�ޛ�d��d��D3(�v�8R��mr{��9��pp�Ȋ��xW@�7��D��aoC�zy۵��ڡ�=&!!�?^{�)��c}�߫�� _׋e��8w�� Pڊ�u!�`H��z>�QwF�Ky�C:f۸�� r�yϹ*��Ӧ��o��B^w��8�{�^��> 6Ȇ��~��-� I�j�ys��'�|9.�g��٬��X�"˼�p{W� uX� ��9+wx}|�*�֌��dډ�EB��ϫK�xh`��aÅ�z�grX�)�#'4$��V�$F�!@=��D��9^��=�=ӑ:tI�� HZ��Tv��@��빪��4�kb�uO%�>��B��8w��6dﬖPZ��xA��ұs;-φvA�4�&��.�U�>̠|��X��g��o��N{�A��\�3{?�*�� ZĈ}��D�M�D�� e�� ]��>�n��X��,h�z�?�]3&)�J�`b�ս�J<ʕS��2`��$�u�l�+^G��R��C̏��U[}+�m��%'پ��:�R�D

Sections

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1955bedac91fee1f677ee663f045396a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.bss Size: - Virtual size: 13KB

.data Size: 157KB - Virtual size: 157KB

.rsrc Size: 7KB - Virtual size: 7KB

.vmp0 Size: 13KB - Virtual size: 12KB

.vmp1 Size: 39KB - Virtual size: 38KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 32KB - Virtual size: 32KB

.reloc Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 13KB

.data
Size: 157KB - Virtual size: 157KB

.rsrc
Size: 7KB - Virtual size: 7KB

.vmp0
Size: 13KB - Virtual size: 12KB

.vmp1
Size: 39KB - Virtual size: 38KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 32KB - Virtual size: 32KB

.reloc
Size: 6KB - Virtual size: 6KB