4e5d8bb4319a2dbb39d97bcc12646210_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4e5d8bb4319a2dbb39d97bcc12646210_JaffaCakes118
Size

1.6MB
MD5

4e5d8bb4319a2dbb39d97bcc12646210
SHA1

0ba24de91c34093d7880e356ef034b7ab3530778
SHA256

23dc55898fb891c16ebf38adcdc9fce0ccebd6edd8a1e457f7bfd646c53423b7
SHA512

2cf6aaae0f5ada840f825eeffca70764af176b3adf6ad9e3920d187bee170f7bc764c19823a396ff55ab58381a4212febdd96e8274c1a4b8f14a63543bf6d110
SSDEEP

49152:1ZfoWCBVsewTu5sKY5hauhPGAX9y9/BOHQc2j9wD:15pCBVaTu5souRlQrj90

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e5d8bb4319a2dbb39d97bcc12646210_JaffaCakes118

Files

4e5d8bb4319a2dbb39d97bcc12646210_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a109aeca2ba7dcf37de776ead31f031c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\projects\G\CQXZS\org\传奇DPK\bin\DPKHero.pdb

Imports

kernel32

CreateFileW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetWindowsHookExA

gdi32

RestoreDC

shell32

DragFinish

winmm

PlaySoundA

wininet

InternetOpenA

ole32

CLSIDFromProgID

comctl32

ord17

riched20

ord4

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HookShar
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a109aeca2ba7dcf37de776ead31f031c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

winmm

wininet

ole32

comctl32

riched20

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 203KB

.data Size: - Virtual size: 84KB

HookShar Size: 512B - Virtual size: 12B

.vmp0 Size: - Virtual size: 817KB

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 512B - Virtual size: 232B

.rsrc Size: 1024B - Virtual size: 234KB

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 203KB

.data
Size: - Virtual size: 84KB

HookShar
Size: 512B - Virtual size: 12B

.vmp0
Size: - Virtual size: 817KB

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 512B - Virtual size: 232B

.rsrc
Size: 1024B - Virtual size: 234KB