454c2c6982b1b500acc4c6bf87ea3800_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

454c2c6982b1b500acc4c6bf87ea3800_JaffaCakes118
Size

3.5MB
MD5

454c2c6982b1b500acc4c6bf87ea3800
SHA1

3ecbfc714f014822160479de0efb3adb69127d80
SHA256

db8edbfa356c84253e265436edfa5caa9af8fcc9b926ca443373b9a136b65ac6
SHA512

4e9f425adf3c40a7b970b1a2789991a7fbdec20fa910e449de32d377ee927bc3e95e979c1fbbe44f8441ced313dd15894ddbd2f35891945d8217680a5579a360
SSDEEP

98304:pQBqalpLbekAL+bLrkt2Aa8ImMqoXd1q0j9MQ6bl4Tt:pMqalp3eYfYtBaMMRCKaBbe

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/krnl.dll	vmprotect

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bunifu_UI_v1.5.3.dll
unpack001/Indicium-Supra.dll
unpack001/ScintillaNET.dll
unpack001/krnl.dll
unpack001/krnl.exe

Files

454c2c6982b1b500acc4c6bf87ea3800_JaffaCakes118
.zip
Bunifu_UI_v1.5.3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Indicium-Supra.dll
.dll windows:6 windows x86 arch:x86

3a7cb356ddd08c0235153b70d668c3c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\indicium-supra\bin\x86\Indicium-Supra.pdb

Imports

kernel32

InitializeSRWLock
HeapFree
ExpandEnvironmentStringsA
WaitForSingleObject
GetCurrentThreadId
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
TerminateThread
WaitForSingleObjectEx
CloseHandle
ReleaseSRWLockShared
CreateThread
HeapAlloc
LocalFree
AcquireSRWLockShared
GetProcessHeap
WideCharToMultiByte
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
K32GetProcessImageFileNameA
GetCurrentThread
DeviceIoControl
AreFileApisANSI
MultiByteToWideChar
GetCurrentProcessId
WakeAllConditionVariable
SleepConditionVariableSRW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
ResetEvent
ReleaseSemaphore
OpenEventA
ResumeThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
SetLastError
FreeLibrary
GetModuleHandleW
LoadLibraryExW
EncodePointer
DecodePointer
RaiseException
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetFileType
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW

user32

CreateWindowExA
UnregisterClassA
RegisterClassExA
DefWindowProcA
DestroyWindow

Exports

Exports

IndiciumEngineAlloc
IndiciumEngineFree
IndiciumEngineInit
IndiciumEngineLogDebug
IndiciumEngineLogError
IndiciumEngineLogInfo
IndiciumEngineLogWarning
IndiciumEngineSetD3D10EventCallbacks
IndiciumEngineSetD3D11EventCallbacks
IndiciumEngineSetD3D12EventCallbacks
IndiciumEngineSetD3D9EventCallbacks
IndiciumEngineShutdown

Sections

.text
Size: 571KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScintillaNET.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\jacob\Documents\Projects\ScintillaNET\src\ScintillaNET\obj\Release\ScintillaNET.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
krnl.dll
.dll .js windows:6 windows x86 arch:x86 polyglot

ac59689a2c64dc5dac5e8c9108d5ae28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Michael\source\repos\krnl\Release\krnl.pdb

Imports

indicium-supra

IndiciumEngineInit

kernel32

CreateNamedPipeA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetKeyState

msvcp140

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ

imm32

ImmGetContext

d3dcompiler_47

D3DCompile

xinput1_4

ord2

wininet

InternetCloseHandle

vcruntime140

__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

isspace

api-ms-win-crt-runtime-l1-1-0

_errno

api-ms-win-crt-stdio-l1-1-0

_fseeki64

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

Sections

.text
Size: - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
krnl.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\LaziestBoy\source\repos\krnl - Copy\obj\Release\krnlss.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 234KB - Virtual size: 233KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

3a7cb356ddd08c0235153b70d668c3c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 571KB - Virtual size: 570KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 24KB - Virtual size: 29KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 38KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

ac59689a2c64dc5dac5e8c9108d5ae28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

indicium-supra

kernel32

user32

msvcp140

imm32

d3dcompiler_47

xinput1_4

wininet

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: - Virtual size: 397KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 296KB

.vmp1 Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 469B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

.text
Size: 234KB - Virtual size: 233KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 571KB - Virtual size: 570KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 24KB - Virtual size: 29KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 38KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 397KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 296KB

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 185KB - Virtual size: 185KB

.reloc
Size: 512B - Virtual size: 12B