0640d48ff77a7b75dad3ee25fbcb2a76_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0640d48ff77a7b75dad3ee25fbcb2a76_JaffaCakes118
Size

873KB
MD5

0640d48ff77a7b75dad3ee25fbcb2a76
SHA1

246e1b49f72a7f3b23e32a61d90e1d4a864a1c21
SHA256

24d325d8a8cccac0942d60e6cc370e3576ec80e12c28eb6127d768bd1245e1dc
SHA512

671a13e1a3d998efb918ee144135215f7e55ce37a7763ff4a64a73cd2ae513c5956cf6e8dfd2a8f88469043b8c8377571da21c3b18697fd964cab2e34386bc56
SSDEEP

12288:1M0Jg2bPae3EW75lwgY1mxMiYsJsZAMJsehC54DHN8gnTED+uxRRiO1CtJ6q:60ge9zbY1mx5JNMJd0eHN8gnlMRicy

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

0640d48ff77a7b75dad3ee25fbcb2a76_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4bbe72e39c987a3ef5be61e836884086

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:92:92:3e:08:80:60
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

19-07-2012 00:30

Not After

20-07-2013 11:27

Subject

CN=深圳市壹柒伍网络科技有限公司,O=深圳市壹柒伍网络科技有限公司,L=深圳市,ST=广东省,C=CN,1.2.840.113549.1.9.1=#0c0e746563684031373570742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01-03-2011 01:00

Not After

01-03-2016 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17-09-2006 19:46

Not After

17-09-2036 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

31:5f:3c:4f:03:5f:4c:bd:08:09:a5:08:8c:b1:eb:d0:3d:82:0d:4f
Signer

Actual PE Digest

31:5f:3c:4f:03:5f:4c:bd:08:09:a5:08:8c:b1:eb:d0:3d:82:0d:4f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

�ɗ�hqxh�

waveOutOpen

ws2_32

closesocket

kernel32

GetVersion
GetVersionExA
MultiByteToWideChar
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CheckMenuItem

gdi32

EndPath

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

RegisterTypeLi

comctl32

ord17

wininet

InternetCanonicalizeUrlA

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 668KB - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4bbe72e39c987a3ef5be61e836884086

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

16:92:92:3e:08:80:60Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

31:5f:3c:4f:03:5f:4c:bd:08:09:a5:08:8c:b1:eb:d0:3d:82:0d:4fSigner

Headers

File Characteristics

Imports

rasapi32

�ɗ�hqxh�

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 473KB

.rdata Size: - Virtual size: 161KB

.data Size: - Virtual size: 268KB

.vmp0 Size: - Virtual size: 288KB

.vmp1 Size: 668KB - Virtual size: 665KB

.rsrc Size: 192KB - Virtual size: 192KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:9d:f8:8e
Certificate

16:92:92:3e:08:80:60
Certificate

3d
Certificate

01
Certificate

31:5f:3c:4f:03:5f:4c:bd:08:09:a5:08:8c:b1:eb:d0:3d:82:0d:4f
Signer

.text
Size: - Virtual size: 473KB

.rdata
Size: - Virtual size: 161KB

.data
Size: - Virtual size: 268KB

.vmp0
Size: - Virtual size: 288KB

.vmp1
Size: 668KB - Virtual size: 665KB

.rsrc
Size: 192KB - Virtual size: 192KB