47ce7eec3f486806399480a55de9879b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

47ce7eec3f486806399480a55de9879b_JaffaCakes118
Size

3.1MB
MD5

47ce7eec3f486806399480a55de9879b
SHA1

1ca156276e304354fd26cec0e0db217726a70e01
SHA256

f938e4114b509d11273e3395985bdea9cdc7089bcf023393240d5c95060d0af0
SHA512

8dda0797435bfba2c23dcb6c0e2c7d5062030361ddbaace4e0d7432b516fd51c79e188434a5ee9aefb237ce6aa4b0acc10bd70af73e625bd76237a4484530ea0
SSDEEP

49152:G3UFwK2ZKC51He77wh3JG7WrCHpdKDNV1OsXj8Za28SWH:U2+dncmDBzXAZ8SY

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47ce7eec3f486806399480a55de9879b_JaffaCakes118

Files

47ce7eec3f486806399480a55de9879b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

727d6050b9efc3397f0df38a76fa0891

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
GetCommandLineA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
GetUserDefaultLCID
SetEndOfFile
SetFilePointer
GetLocalTime
RemoveDirectoryA
GetStartupInfoA
SetFileAttributesA
WriteFile
FindClose
FindFirstFileA
FindNextFileA
GetFileSize
Sleep
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
ExitProcess
GetTempPathA
IsWow64Process
GetVersionExA
SetWaitableTimer
CreateWaitableTimerA
InterlockedExchange
InterlockedExchangeAdd
GlobalFree
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExpandEnvironmentStringsA
DeleteFileA
DeviceIoControl
GetCurrentThread
WriteProcessMemory
lstrlenW
GetComputerNameA
RemoveVectoredExceptionHandler
SetProcessWorkingSetSize
Module32Next
SetThreadPriority
SetThreadContext
ResumeThread
AddVectoredExceptionHandler
VirtualQueryEx
VirtualFreeEx
DuplicateHandle
GetQueuedCompletionStatus
SetEvent
CreateThread
CreateIoCompletionPort
QueryDepthSList
InitializeSListHead
HeapCreate
VirtualFree
HeapDestroy
PostQueuedCompletionStatus
InterlockedCompareExchange
WaitForSingleObject
LocalSize
LocalFree
LocalAlloc
GetSystemInfo
TerminateProcess
lstrcpynA
CreateEventA
OpenEventA
ExitThread
Module32First
Thread32Next
SuspendThread
Thread32First
GetDriveTypeA
CreateFileA
MoveFileExA
InterlockedPushEntrySList
GetLastError
InterlockedDecrement
InterlockedIncrement
RtlZeroMemory
InterlockedPopEntrySList
VirtualQuery
HeapAlloc
GetProcessHeap
GetTickCount
GlobalMemoryStatusEx
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
lstrcpyn
QueryDosDeviceA
GetLogicalDriveStringsA
FreeLibrary
VirtualProtect
GetProcAddress
LoadLibraryA
TerminateThread
OpenThread
WaitForSingleObjectEx
GetExitCodeProcess
ReadFile
PeekNamedPipe
CloseHandle
CreateProcessA
CreatePipe
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
ReadProcessMemory
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
CopyFileA
CreateRemoteThread
GetModuleHandleA
GetCurrentProcess
GetCurrentProcessId
OutputDebugStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
RtlMoveMemory
VirtualAlloc
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetStringTypeExA
FlushFileBuffers
DeleteCriticalSection
lstrlenA
GetWindowsDirectoryA
GetTimeZoneInformation
SetLastError
lstrcpyA
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowLongA
PtInRect
PostQuitMessage
PostMessageA
SetCursor
GetLastActivePopup
ValidateRect
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
UnregisterClassA
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
SetWindowLongA
GetDlgItem
UpdateWindow
SystemParametersInfoA
FindWindowA
DispatchMessageA
SetWindowTextA
GetDesktopWindow
GetWindow
GetClassNameA
SendMessageA
SendMessageTimeoutA
GetWindowRect
GetSystemMetrics
SetForegroundWindow
SetActiveWindow
GetActiveWindow
IsWindowEnabled
GetWindowThreadProcessId
ScreenToClient
GetWindowInfo
GetParent
SetWindowsHookExA
CallNextHookEx
MessageBoxA
MessageBoxTimeoutA
ShowWindow
EnumDisplaySettingsA
IsWindow
IsWindowVisible
GetWindowTextA
BlockInput
ClipCursor
GetDC
GetForegroundWindow
EnumChildWindows
RegisterShellHookWindow
GetClientRect
GetWindowTextLengthA
EnumWindows
GetCursorPos
ReleaseDC
EnableWindow
MsgWaitForMultipleObjects
PostThreadMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetDlgCtrlID
AdjustWindowRectEx
WindowFromDC
RegisterWindowMessageA
wsprintfA

advapi32

CryptGetHashParam
RegOpenKeyExA
RegDeleteValueA
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
RegCreateKeyExA
RegEnumValueA
RegEnumKeyA
RegCloseKey
OpenSCManagerA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CloseServiceHandle
CreateServiceA
OpenServiceA
StartServiceA
ControlService
DeleteService
QueryServiceStatusEx
GetServiceDisplayNameA
GetServiceKeyNameA
EnumServicesStatusExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegDeleteKeyA

ole32

OleInitialize
CLSIDFromString
CreateStreamOnHGlobal
GetHGlobalFromStream
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter

gdi32

TextOutA
DeleteDC
DeleteObject
GdiFlush
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
SetViewportExtEx
ScaleViewportExtEx
CreateBitmap
ScaleWindowExtEx
GetClipBox
CreateCompatibleBitmap
StretchBlt
GetCurrentObject
GetObjectA
GetBitmapBits
SetDIBits
GetObjectType
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
GetStockObject
GetPixel
SetWindowExtEx
Escape
ExtTextOutA
RectVisible
PtVisible

wsock32

WSACleanup
WSAStartup
closesocket
ioctlsocket
bind
gethostbyname
inet_addr
ntohs
gethostname
socket
htons
connect
send
recv
select
listen
accept
__WSAFDIsSet
getpeername
htonl
recvfrom
sendto
getsockname

wininet

InternetConnectA
InternetOpenA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetCrackUrlA

ws2_32

WSARecv
WSCEnumProtocols
WSAIoctl
WSASend
WSASocketA

iphlpapi

IcmpCreateFile

shlwapi

PathUnExpandEnvStringsA
PathIsDirectoryA
PathFindFileNameA
PathFileExistsA

dnsapi

DnsFlushResolverCache

psapi

GetMappedFileNameA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiClassGuidsFromNameA

netapi32

NetApiBufferFree
NetServerEnum

gdiplus

GdipCreateBitmapFromStream
GdiplusStartup
GdipSaveImageToStream
GdipDisposeImage

atl

ord42

oledlg

ord8

shell32

SHGetSpecialFolderPathA

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA
RasHangUpA
RasGetConnectStatusA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Exports

Exports

??��?��?��?_??��yD��
init

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

727d6050b9efc3397f0df38a76fa0891

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

gdi32

wsock32

wininet

ws2_32

iphlpapi

shlwapi

dnsapi

psapi

setupapi

netapi32

gdiplus

atl

oledlg

shell32

rasapi32

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 38KB

.data Size: - Virtual size: 609KB

.vmp0 Size: - Virtual size: 2.6MB

.vmp1 Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 4KB - Virtual size: 136B

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 38KB

.data
Size: - Virtual size: 609KB

.vmp0
Size: - Virtual size: 2.6MB

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 4KB - Virtual size: 136B