6872559f5239153c9a9ab634a5d332d3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6872559f5239153c9a9ab634a5d332d3_JaffaCakes118
Size

1.3MB
MD5

6872559f5239153c9a9ab634a5d332d3
SHA1

fd25a1005df3027ade3306f52dfbde288eacc815
SHA256

a8377270486aec3c994de7c2ccd7b53c791ff525ed124a29c4584ecb49ad4938
SHA512

f84c0126d214f0860baf8c8a61b1b80dbb7f9e66c6264a08261e31826be4d403a81b3b38271fe5850793b95afb61235729b2c420a75fc9a7926baf49a9f5c0dd
SSDEEP

24576:dEEYSweuYkuIiiqrVdD07/45nT1ZLKunUl/O/bghf3e6mbkR2WcYu56:vYSweuYktii0vDL1TnRnUEzUfGAR2WcU

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/㶮.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/㶮.exe

Files

6872559f5239153c9a9ab634a5d332d3_JaffaCakes118
.zip
㶮.exe
.exe windows:5 windows x86 arch:x86

e4b2092a639a1da9e95cb35ee8e144b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetWindowLongA

gdi32

Escape

winmm

midiOutReset

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteValueA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

RegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

WSACleanup

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4b2092a639a1da9e95cb35ee8e144b6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 672KB

.rdata Size: - Virtual size: 144KB

.data Size: - Virtual size: 230KB

.vmp0 Size: - Virtual size: 865KB

.vmp1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 56KB - Virtual size: 55KB

.text
Size: - Virtual size: 672KB

.rdata
Size: - Virtual size: 144KB

.data
Size: - Virtual size: 230KB

.vmp0
Size: - Virtual size: 865KB

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 56KB - Virtual size: 55KB