5d166d70872fc980fd4841c6ba7823ea_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5d166d70872fc980fd4841c6ba7823ea_JaffaCakes118
Size

3.0MB
MD5

5d166d70872fc980fd4841c6ba7823ea
SHA1

78a6e2edc57afbe14383a2938e92af90d5a8b8c3
SHA256

79a392feef17c2efe5616ef0d7d0b94ae1d796677c227e09f8b5f5451c500b19
SHA512

673e3694802a4ce63e544a5083545fa2df8af51230f2050a207ecc98af497f5c6ba9a8505e5726f2752f78dfc1bda7b89304e5de8da497c50ac3eda0c24557a4
SSDEEP

49152:HYmFpKMBznrnNjDoqIMSlePda3HITUYVUanQcj4wjNW6+qUIF5Hw+:4mewrnJDoqIT3XIgYV3HjJjNoOB

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5d166d70872fc980fd4841c6ba7823ea_JaffaCakes118

Files

5d166d70872fc980fd4841c6ba7823ea_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6316082297118fc0de6563c319a5bf4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
FindClose
SetFileAttributesA
GetStartupInfoA
RemoveDirectoryA
GetLocalTime
SetEndOfFile
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetUserDefaultLCID
GetCommandLineA
LCMapStringA
FindNextFileA
GetEnvironmentVariableA
Sleep
GetModuleFileNameA
GetFileSize
SetFilePointer
WriteFile
IsBadReadPtr
HeapFree
HeapReAlloc
ExitProcess
SetWaitableTimer
CreateWaitableTimerA
InterlockedExchange
InterlockedExchangeAdd
GlobalFree
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetTempPathA
IsWow64Process
GetVersionExA
ExpandEnvironmentStringsA
DeleteFileA
DeviceIoControl
GetCurrentThread
WriteProcessMemory
lstrlenW
GetComputerNameA
RemoveVectoredExceptionHandler
Module32Next
SetProcessWorkingSetSize
lstrcpyA
SetThreadPriority
ResumeThread
SetThreadContext
AddVectoredExceptionHandler
VirtualQueryEx
VirtualFreeEx
DuplicateHandle
GetQueuedCompletionStatus
SetEvent
CreateThread
CreateIoCompletionPort
QueryDepthSList
InitializeSListHead
HeapCreate
VirtualFree
HeapDestroy
PostQueuedCompletionStatus
InterlockedCompareExchange
WaitForSingleObject
LocalSize
LocalFree
LocalAlloc
GetSystemInfo
TerminateProcess
lstrcpynA
CreateEventA
OpenEventA
ExitThread
Module32First
MoveFileExA
SuspendThread
GetDriveTypeA
CreateFileA
InterlockedPushEntrySList
GetLastError
InterlockedDecrement
InterlockedIncrement
RtlZeroMemory
InterlockedPopEntrySList
VirtualQuery
HeapAlloc
GetProcessHeap
GetTickCount
GlobalMemoryStatusEx
Process32Next
Process32First
GetModuleHandleW
OpenProcess
lstrcpyn
QueryDosDeviceA
GetLogicalDriveStringsA
FreeLibrary
VirtualProtect
GetProcAddress
LoadLibraryA
TerminateThread
OpenThread
GetExitCodeProcess
ReadFile
PeekNamedPipe
CloseHandle
CreateProcessA
CreatePipe
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
GetCurrentThreadId
WaitForSingleObjectEx
ReadProcessMemory
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
CopyFileA
CreateRemoteThread
GetModuleHandleA
GetCurrentProcess
GetCurrentProcessId
OutputDebugStringA
Thread32Next
SetEnvironmentVariableA
CompareStringW
CompareStringA
Thread32First
CreateToolhelp32Snapshot
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
RtlMoveMemory
VirtualAlloc
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetStringTypeExA
FlushFileBuffers
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
SetLastError
GetTimeZoneInformation
GetWindowsDirectoryA
lstrlenA
DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDC
ClipCursor
BlockInput
GetWindowTextA
IsWindowVisible
IsWindow
EnumDisplaySettingsA
ShowWindow
EnableWindow
IsWindowEnabled
GetActiveWindow
SetActiveWindow
SetForegroundWindow
PostQuitMessage
PostMessageA
SetCursor
GetWindowLongA
GetLastActivePopup
ValidateRect
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
GetForegroundWindow
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
TranslateMessage
GetSystemMetrics
UnhookWindowsHookEx
UnregisterClassA
PtInRect
GetWindowRect
GetDlgCtrlID
ClientToScreen
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetMenuItemBitmaps
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
MessageBoxTimeoutA
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
MessageBoxA
CallNextHookEx
SetWindowsHookExA
GetMessageA
PeekMessageA
EnumChildWindows
RegisterShellHookWindow
GetClientRect
GetWindowTextLengthA
EnumWindows
RegisterWindowMessageA
GetParent
GetWindowInfo
DispatchMessageA
wsprintfA
WindowFromDC
AdjustWindowRectEx
ReleaseDC
ScreenToClient
GetWindowThreadProcessId
GetClassNameA
GetWindow
SendMessageA
SendMessageTimeoutA
PostThreadMessageA
MsgWaitForMultipleObjects
SetWindowTextA
GetDesktopWindow
GetCursorPos

advapi32

DeleteService
RegOpenKeyExA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyA
RegCloseKey
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
OpenSCManagerA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CloseServiceHandle
CreateServiceA
OpenServiceA
StartServiceA
ControlService
RegDeleteValueA
QueryServiceStatusEx
GetServiceDisplayNameA
GetServiceKeyNameA
EnumServicesStatusExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegDeleteKeyA

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CoRevokeClassObject
OleInitialize
CLSIDFromString
CoInitialize

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GdiFlush
DeleteObject
DeleteDC
TextOutA
GetObjectType
GetPixel
CreateBitmap
CreateCompatibleBitmap
StretchBlt
GetCurrentObject
GetObjectA
GetBitmapBits
SetDIBits
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateCompatibleDC
CreateDIBSection
GetDeviceCaps
PtVisible
RectVisible
ExtTextOutA
Escape
SelectObject
BitBlt

wsock32

ioctlsocket
bind
gethostbyname
gethostname
socket
htons
inet_addr
WSACleanup
getsockname
sendto
recvfrom
htonl
getpeername
__WSAFDIsSet
accept
listen
select
WSAStartup
closesocket
ntohs
recv
send
connect

wininet

InternetCrackUrlA
InternetSetOptionA
InternetConnectA
InternetOpenA
InternetCanonicalizeUrlA
HttpOpenRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
HttpSendRequestA

ws2_32

WSAIoctl
WSASend
WSCEnumProtocols
WSARecv
WSASocketA

dnsapi

DnsFlushResolverCache

shlwapi

PathFileExistsA
PathUnExpandEnvStringsA
PathIsDirectoryA
PathFindFileNameA

psapi

GetMappedFileNameA

setupapi

SetupDiClassGuidsFromNameA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

iphlpapi

IcmpCreateFile

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

netapi32

NetServerEnum
NetApiBufferFree

gdiplus

GdipSaveImageToStream
GdipCreateBitmapFromStream
GdiplusStartup
GdipDisposeImage

atl

ord42

oledlg

ord8

shell32

SHGetSpecialFolderPathA

rasapi32

RasEnumEntriesA
RasHangUpA
RasGetConnectStatusA
RasGetEntryDialParamsA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

Exports

Exports

??��?��?��?_??��yD��
init

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6316082297118fc0de6563c319a5bf4b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

gdi32

wsock32

wininet

ws2_32

dnsapi

shlwapi

psapi

setupapi

iphlpapi

version

netapi32

gdiplus

atl

oledlg

shell32

rasapi32

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 37KB

.data Size: - Virtual size: 552KB

.vmp0 Size: - Virtual size: 2.3MB

.vmp1 Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 4KB - Virtual size: 196B

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 37KB

.data
Size: - Virtual size: 552KB

.vmp0
Size: - Virtual size: 2.3MB

.vmp1
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 4KB - Virtual size: 196B