3d66e5b8f38125766ffb8c717aa78c56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d66e5b8f38125766ffb8c717aa78c56_JaffaCakes118
Size

3.6MB
MD5

3d66e5b8f38125766ffb8c717aa78c56
SHA1

d26119c09cb1ff634ceb143c2746879787de6ed0
SHA256

548ad47bade3ff2bd94250067b9b15ed93d2cc8e1f5d761b5bd54c58d22923ae
SHA512

ab54828ae4a32c4c22920f29f3e80a412a2dafe1fb2d3243a7eaab25df061475585c32c693f9518bad7ca0fdab2e0497609075c6e65475b3d3d11d6239027193
SSDEEP

98304:iQKUuEd/okbiQ73MU2P6Zb95eay7rLxL:BKUuE9RbiQ73M8Fel7rLx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d66e5b8f38125766ffb8c717aa78c56_JaffaCakes118

Files

3d66e5b8f38125766ffb8c717aa78c56_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d4d922b2d6d46516756f744e194bac00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Device_ID_ExA
CM_Get_DevNode_Status_Ex
CM_Get_Sibling_Ex
CM_Get_DevNode_Registry_Property_ExA
CM_Connect_MachineA
CM_Locate_DevNode_ExA
CM_Disconnect_Machine
CM_Get_Child_Ex

rpcrt4

UuidFromStringA

mfc42

ord4277
ord5683
ord3027
ord4042
ord501
ord773
ord5685
ord3274
ord5572
ord2919
ord5495
ord439
ord736
ord5607
ord1083
ord5600
ord5861
ord2915
ord4809
ord3610
ord656
ord2289
ord1088
ord2138
ord6380
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1146
ord715
ord415
ord4287
ord1081
ord2645
ord6334
ord2761
ord2775
ord3876
ord2859
ord3706
ord5789
ord6172
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord4396
ord3574
ord616
ord609
ord2860
ord818
ord5710
ord3317
ord2582
ord4402
ord3370
ord3640
ord693
ord4243
ord2452
ord3752
ord4694
ord5148
ord6900
ord4133
ord4297
ord5788
ord472
ord2862
ord3293
ord3797
ord3301
ord3286
ord6907
ord1105
ord5651
ord3616
ord665
ord6385
ord5442
ord1979
ord924
ord922
ord3318
ord3127
ord5186
ord3097
ord350
ord354
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord5875
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord815
ord686
ord1134
ord1205
ord2725
ord536
ord1200
ord384
ord926
ord1601
ord6007
ord3998
ord3178
ord1642
ord3185
ord3499
ord2515
ord355
ord3337
ord2453
ord3452
ord2065
ord6930
ord6663
ord4202
ord613
ord289
ord6905
ord6282
ord539
ord2784
ord6283
ord3662
ord5620
ord5823
ord3664
ord2448
ord2841
ord2107
ord2044
ord5450
ord5834
ord6394
ord5440
ord6383
ord4278
ord6662
ord2846
ord4275
ord6358
ord3873
ord4123
ord4480
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord6021
ord2614
ord2567
ord283
ord2450
ord5053
ord3138
ord3716
ord790
ord3711
ord783
ord3742
ord2112
ord6442
ord1233
ord6128
ord3719
ord793
ord6876
ord6874
ord547
ord1140
ord3744
ord6242
ord3692
ord1264
ord1567
ord268
ord6141
ord861
ord3089
ord2818
ord5953
ord2864
ord2379
ord470
ord323
ord1640
ord5785
ord2405
ord640
ord755
ord3571
ord1641
ord537
ord809
ord2414
ord3626
ord3663
ord556
ord3573
ord3619
ord4710
ord4160
ord6199
ord4234
ord2302
ord2370
ord825
ord324
ord540
ord860
ord641
ord800
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord430
ord729
ord1705
ord2504
ord325
ord326
ord6453
ord4284
ord6197
ord3874
ord2822
ord4055
ord6880
ord3921
ord4129
ord3093
ord6143
ord6781
ord5981
ord2086
ord1168
ord1669
ord2652
ord1779
ord5787
ord2301
ord567
ord541
ord795
ord801
ord3721
ord3402
ord5290
ord1776
ord6055
ord939
ord356
ord941
ord2770
ord2781
ord4058
ord3181
ord3319
ord1980
ord668
ord663
ord348
ord6877
ord940
ord414
ord6883
ord713
ord4204
ord2764
ord5859
ord535
ord858
ord4224
ord2358
ord2754
ord614
ord438
ord3579
ord4424
ord4622
ord3353
ord3273
ord3882
ord4367
ord2642
ord6215
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord2122
ord3092
ord1087
ord4299
ord3811
ord2820
ord823
ord5821
ord4476
ord1576
ord1089

msvcrt

_strnicmp
_itoa
ftell
fseek
floor
getenv
realloc
_setmbcp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
wcslen
_mbscmp
wcscmp
_mbsicmp
longjmp
_setjmp3
fflush
fputc
strncmp
_CxxThrowException
_access
vsprintf
fwrite
fread
mbstowcs
_snprintf
_iob
memmove
_except_handler3
__p___argv
fprintf
exit
rename
_purecall
free
malloc
strtok
sscanf
strncpy
_splitpath
_unlink
_open
_fstati64
_close
fopen
fclose
clock
_mkdir
_rmdir
_stricmp
_ftol
_fstat
sprintf
__CxxFrameHandler
atoi

kernel32

GetTickCount
GetCurrentThreadId
GetACP
CreateSemaphoreA
CreateThread
InterlockedExchange
CreateEventA
InterlockedDecrement
_hread
_hwrite
_llseek
_lclose
OpenFile
InterlockedIncrement
GetStartupInfoA
lstrcpynA
CreateFileW
GetFileType
GetFileSize
ReadFile
GetCurrentProcessId
lstrlenW
MultiByteToWideChar
SizeofResource
GlobalSize
GetCurrentProcess
GetVersionExA
GetFileInformationByHandle
GetLocalTime
CreateDirectoryA
GlobalReAlloc
GetSystemDirectoryA
GetSystemDefaultLCID
WideCharToMultiByte
CreateFileA
WriteFile
GetLastError
CloseHandle
GetCurrentThread
GetThreadPriority
SetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
CopyFileA
SetThreadExecutionState
GetModuleHandleA
GetCurrentDirectoryA
Sleep
ResumeThread
GetLocaleInfoA
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GlobalFree
GlobalAlloc
GlobalLock
lstrcpyA
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
MulDiv
SetEvent
GetFullPathNameA
GetVolumeInformationA
WaitForSingleObject
EnterCriticalSection
ResetEvent
LeaveCriticalSection
GetTempPathA
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
lstrlenA
GetComputerNameA
OutputDebugStringA
WaitForMultipleObjects
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ClientToScreen
WindowFromPoint
ReleaseCapture
GetWindowLongA
DestroyCursor
EnableMenuItem
CreateMenu
SetCapture
GetCapture
GetActiveWindow
SetRect
SetCursor
DrawTextA
FillRect
DrawFocusRect
TabbedTextOutA
GrayStringA
ModifyMenuA
GetDlgItem
GetKeyState
IsIconic
DrawIcon
GetSystemMenu
AppendMenuA
SystemParametersInfoA
LoadIconA
MessageBoxA
CopyRect
GetFocus
LoadBitmapA
SetWindowLongA
SetWindowRgn
UpdateWindow
GetDC
ReleaseDC
MonitorFromWindow
GetMonitorInfoA
wsprintfW
GetQueueStatus
DestroyIcon
PostThreadMessageA
wvsprintfA
MsgWaitForMultipleObjects
CharUpperA
SetWindowTextA
ShowWindow
CreateWindowExA
DrawStateA
OffsetRect
InflateRect
FrameRect
IsRectEmpty
ScreenToClient
GetCursorPos
GetScrollInfo
GetWindowTextA
EndDialog
SetFocus
GetWindow
CallWindowProcA
LoadCursorA
EnableWindow
GetSysColor
InvalidateRect
PostMessageA
GetParent
KillTimer
SendMessageA
GetWindowRect
SetTimer
IsWindowVisible
wsprintfA
UnregisterDeviceNotification
RegisterDeviceNotificationA
FindWindowA
LoadMenuA
GetSubMenu
CheckMenuItem
LoadStringA
GetSystemMetrics
RegisterClipboardFormatA
SetParent
GetClientRect
PtInRect
SetForegroundWindow
PeekMessageA
DispatchMessageA
TranslateMessage
LoadImageA
RedrawWindow
RegisterWindowMessageA
GetIconInfo
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetPaletteEntries
SelectPalette
SetDIBitsToDevice
StretchDIBits
CreatePalette
Escape
ExtTextOutA
TextOutA
PtVisible
GetWindowExtEx
GetViewportExtEx
LPtoDP
GetMapMode
DPtoLP
GetBkColor
CreatePen
SaveDC
SetBkMode
RestoreDC
ExtCreateRegion
SetTextColor
OffsetRgn
GetPixel
CreateBitmap
CreateDIBitmap
DeleteDC
SetStretchBltMode
StretchBlt
CreateEllipticRgn
CreatePolygonRgn
CreateFontA
CreateRectRgn
CombineRgn
DeleteObject
CreateFontIndirectA
GetObjectA
GetStockObject
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetBrushOrgEx
CreateDIBSection
Rectangle
SelectObject
RectVisible
GetTextMetricsA
GetTextExtentPoint32A
FrameRgn
FillRgn

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetPathFromIDListA
DragQueryFileA
ShellExecuteA
SHGetFolderPathA
SHGetMalloc
SHBrowseForFolderA
DragFinish
SHGetSpecialFolderPathA
SHFileOperationA

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_GetScrollProp
FlatSB_SetScrollRange
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
FlatSB_GetScrollRange
FlatSB_ShowScrollBar
FlatSB_EnableScrollBar
ImageList_GetImageCount
ImageList_Remove
ImageList_Create
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
_TrackMouseEvent
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
UninitializeFlatSB

ole32

GetRunningObjectTable
CreateItemMoniker
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance

olepro32

ord250

oleaut32

VariantClear
SysAllocString
VariantInit
SysAllocStringLen
SysFreeString

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCloneImage
GdipFree
GdipAlloc
GdipGetImageFlags
GdipCreateBitmapFromScan0
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipBitmapSetResolution
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipDrawImageRectI
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth

avifil32

AVIFileOpenA
AVIFileExit
AVIFileRelease
AVIStreamRelease
AVIStreamGetFrameClose
AVIStreamGetFrame
AVIStreamGetFrameOpen
AVIFileGetStream
AVIFileInfoA
AVIFileInit

wmvcore

WMCreateProfileManager

convert

ConvertValue

shlwapi

PathAppendA
PathFileExistsA
PathIsDirectoryA

dsound

ord2
ord7

winmm

timeGetTime
timeSetEvent

Sections

.text
Size: - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 224KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4d922b2d6d46516756f744e194bac00

Headers

File Characteristics

Imports

setupapi

rpcrt4

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

gdiplus

avifil32

wmvcore

convert

shlwapi

dsound

winmm

Sections

.text Size: - Virtual size: 607KB

.rdata Size: - Virtual size: 100KB

.data Size: - Virtual size: 260KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.4MB - Virtual size: 3.4MB

.rsrc Size: 224KB - Virtual size: 525KB

.text
Size: - Virtual size: 607KB

.rdata
Size: - Virtual size: 100KB

.data
Size: - Virtual size: 260KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

.rsrc
Size: 224KB - Virtual size: 525KB