69d4c3606016f2cd307c4755606d24b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

69d4c3606016f2cd307c4755606d24b8_JaffaCakes118
Size

571KB
MD5

69d4c3606016f2cd307c4755606d24b8
SHA1

01f292213e77285f338fbbff3b4b6ef3da04cc0a
SHA256

1b190d67ed4a531d5e037837056a159b31451d36d90f5f0f83a091d4c8748a91
SHA512

984efde2c558d592fa9e71a29a3298f21a506b6bec01a252bcf2ea147ebab26467a857c6b96c36f758fefa80823f20b2d239ab972361c3a67c65b3e0989772f1
SSDEEP

12288:AQPfXy2aL1qZ0Nly8RGKtllUL45qVSh6lS8cuW:FkLoZ0XyEGLL458SZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69d4c3606016f2cd307c4755606d24b8_JaffaCakes118

Files

69d4c3606016f2cd307c4755606d24b8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b86a23e4c8b0e1df6ab888f314509329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\projects\G\GamePluginCtrl\Release\gamePluginCtrl.pdb

Imports

kernel32

GetVersionExA
lstrcmpW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowTextA

gdi32

SetTextColor

winspool.drv

DocumentPropertiesA

advapi32

RegFlushKey

shell32

ShellExecuteA

shlwapi

PathFindExtensionA

ole32

CoCreateInstance

oleaut32

VariantChangeType

psapi

GetModuleFileNameExA

ntdll

ZwClose

fltlib

FilterSendMessage

ws2_32

WSACleanup

Exports

Exports

AGS
ALDS
GDTAN
GNBGT
GSCF
GSDNP
HINSD
IHJDE
IHPTE
INSHD
INSPD
PTCP
RDTP
RGALDSE
SADP
SCTM
SDMDP3Q
SDMDPHY
SDMDPLZ
SDMDPSA
SGDI
SGGGI
SGHHI
SGSI
SGTHI
SPEP
SRF

Sections

.text
Size: - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 567KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b86a23e4c8b0e1df6ab888f314509329

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

psapi

ntdll

fltlib

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 195KB

.rdata Size: - Virtual size: 44KB

.data Size: - Virtual size: 34KB

.vmp0 Size: - Virtual size: 347KB

.vmp1 Size: 567KB - Virtual size: 566KB

.reloc Size: 512B - Virtual size: 196B

.rsrc Size: 3KB - Virtual size: 13KB

.text
Size: - Virtual size: 195KB

.rdata
Size: - Virtual size: 44KB

.data
Size: - Virtual size: 34KB

.vmp0
Size: - Virtual size: 347KB

.vmp1
Size: 567KB - Virtual size: 566KB

.reloc
Size: 512B - Virtual size: 196B

.rsrc
Size: 3KB - Virtual size: 13KB