3a61d7fc9bf5222c76a63c4be454d899_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a61d7fc9bf5222c76a63c4be454d899_JaffaCakes118
Size

2.5MB
MD5

3a61d7fc9bf5222c76a63c4be454d899
SHA1

b5bb1b8c7bb52f84c9842ffb31e907f8a17ea92b
SHA256

409456c0c46aed02e17a2efaf155f95702508a2319d0e2251e9c7ca5ab9ae805
SHA512

e06a51cfaaf36773639c4e4669698dbaa85adbbbd0466000c2cf87b95ab0014e07a83930f1f836c21a703f5f4008dde791d14ccde29a794afcb408396bf50139
SSDEEP

49152:sCgob1jibxBIq6QdEBPlJn+BIqo26u72aIJJbC66U/X57+UH25:fWBQQKP7n+BIqo26ptEwX57bW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a61d7fc9bf5222c76a63c4be454d899_JaffaCakes118

Files

3a61d7fc9bf5222c76a63c4be454d899_JaffaCakes118
.dll windows:5 windows x86 arch:x86

dc229280dff9fd9616929c6395069438

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\projects\funny\CQXZS\org\传奇DPK\bin\DPK.pdb

Imports

ws2_32

gethostname

winmm

PlaySoundA

wldap32

ord46

kernel32

GetVersionExA
CreateThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CreateWindowExA

gdi32

CreateDCA

advapi32

CryptGetHashParam

shell32

DragQueryFileA

wininet

HttpAddRequestHeadersA

ole32

CLSIDFromString

comctl32

ord17

riched20

ord4

Sections

.text
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc229280dff9fd9616929c6395069438

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

wldap32

kernel32

user32

gdi32

advapi32

shell32

wininet

ole32

comctl32

riched20

Sections

.text Size: - Virtual size: 2.6MB

.rdata Size: - Virtual size: 343KB

.data Size: - Virtual size: 294KB

.vmp0 Size: - Virtual size: 1.2MB

.vmp1 Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 512B - Virtual size: 92B

.text
Size: - Virtual size: 2.6MB

.rdata
Size: - Virtual size: 343KB

.data
Size: - Virtual size: 294KB

.vmp0
Size: - Virtual size: 1.2MB

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 512B - Virtual size: 92B