4762e772f6075c09918154fb6913b508_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4762e772f6075c09918154fb6913b508_JaffaCakes118
Size

9.9MB
MD5

4762e772f6075c09918154fb6913b508
SHA1

e2314441c282e016f84524d94e6a4fc0f543905e
SHA256

8478af052c0b730b3d9589bb9ee0861c7c9b395eaa9f079c465be34b0c503f76
SHA512

a531005bebb65d59803c3f45b79a571031a1d53b46be72366e0a7e68e9f189afa963e6c711e62c4d087348ec175e4df63a9a1fdadfa36e5fc1445261ee6f8e74
SSDEEP

196608:KsoaBfdABMUVC0MupzWeojG0nePVWpAbMbEwE3vPqh25/Jgy9LAhL:KsjlABFkZyvt0uViowE3vdJJAhL

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

4762e772f6075c09918154fb6913b508_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cddffcbc7a9d0a655e02b29df714ff73

Code Sign

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

09/11/2016, 08:45

Not After

09/11/2026, 08:45

Subject

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:fe:aa:54:24:0c:d5:43:b7:51:c8:4c:1b:c0:b3:10
Certificate

Issuer

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

02/11/2017, 08:18

Not After

31/10/2020, 08:18

Subject

CN=Jiangxia Information Technology (Huizhou) Co.\, Ltd.,O=Jiangxia Information Technology (Huizhou) Co.\, Ltd.,L=Huizhou,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c106a786e6574636f6d403136332e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:6d:6c:63:8e:fd:0a:83:c4:54:ed:43:7f:5e:74:46:f3:2a:49:49
Signer

Actual PE Digest

b3:6d:6c:63:8e:fd:0a:83:c4:54:ed:43:7f:5e:74:46:f3:2a:49:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

utilities

?CvtA2W@SStrCpCvt@SOUI@@SA?AV?$TStringT@_WUwchar_traits@SOUI@@@2@ABV?$TStringT@DUchar_traits@SOUI@@@2@II@Z

soui

?GetRoot@SHostWnd@SOUI@@QBEPAVSWindow@2@XZ

ws2_32

shutdown

wldap32

ord30

kernel32

GetVersionExW
ExitProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnumDisplayMonitors

gdi32

MoveToEx

advapi32

GetTokenInformation

shell32

ExtractIconW

ole32

ReadClassStg

oleaut32

CreateErrorInfo

msimg32

TransparentBlt

shlwapi

StrCmpW

uxtheme

IsThemeBackgroundPartiallyTransparent

oledlg

OleUIBusyW

iphlpapi

GetAdaptersInfo

imm32

ImmSetCompositionWindow

oleacc

AccessibleObjectFromWindow

gdiplus

GdipDeleteGraphics

winmm

PlaySoundW

winspool.drv

DocumentPropertiesW

Sections

.text
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 970KB - Virtual size: 970KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cddffcbc7a9d0a655e02b29df714ff73

Code Sign

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:aeCertificate

Extended Key Usages

Key Usages

54:fe:aa:54:24:0c:d5:43:b7:51:c8:4c:1b:c0:b3:10Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

b3:6d:6c:63:8e:fd:0a:83:c4:54:ed:43:7f:5e:74:46:f3:2a:49:49Signer

Headers

DLL Characteristics

File Characteristics

Imports

utilities

soui

ws2_32

wldap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

shlwapi

uxtheme

oledlg

iphlpapi

imm32

oleacc

gdiplus

winmm

winspool.drv

Sections

.text Size: - Virtual size: 3.9MB

.rdata Size: 970KB - Virtual size: 970KB

.data Size: - Virtual size: 114KB

.vmp0 Size: - Virtual size: 7.0MB

.vmp1 Size: 8.8MB - Virtual size: 8.8MB

.reloc Size: 130KB - Virtual size: 130KB

.rsrc Size: 28KB - Virtual size: 27KB

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

54:fe:aa:54:24:0c:d5:43:b7:51:c8:4c:1b:c0:b3:10
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

b3:6d:6c:63:8e:fd:0a:83:c4:54:ed:43:7f:5e:74:46:f3:2a:49:49
Signer

.text
Size: - Virtual size: 3.9MB

.rdata
Size: 970KB - Virtual size: 970KB

.data
Size: - Virtual size: 114KB

.vmp0
Size: - Virtual size: 7.0MB

.vmp1
Size: 8.8MB - Virtual size: 8.8MB

.reloc
Size: 130KB - Virtual size: 130KB

.rsrc
Size: 28KB - Virtual size: 27KB