6d8f60ef1bf5d485dbf58bfb6db3c64e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6d8f60ef1bf5d485dbf58bfb6db3c64e_JaffaCakes118
Size

4.4MB
MD5

6d8f60ef1bf5d485dbf58bfb6db3c64e
SHA1

d31d8dd2d5dd3db99ffaa778393c2749d4dd8727
SHA256

0f7a219a8fabfd15e87248c97b14b2ea2ccce7c8abc8431bbc026dce6e6c71b5
SHA512

3d4c33274e16b5352824fda0cf5796d20ea2fa4bc24069d0b5ee9f788e6e62a6de814e81ca9716746cbcd8387885efb483b03072821ed795da7cafd79fbb6f83
SSDEEP

98304:4ulohWT4eZhFFbHKxT0ihylbioai3+XczzBM0cm:4K4WcghrLKolbiolBM0cm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/ThunderUI/bin/Thunder.dll	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ThunderUI/Thunder.exe
unpack001/ThunderUI/bin/Thunder.dll

Files

6d8f60ef1bf5d485dbf58bfb6db3c64e_JaffaCakes118
.rar
ThunderUI/Monaco/Monaco.html
.js
ThunderUI/Monaco/base.txt
ThunderUI/Monaco/classfunc.txt
ThunderUI/Monaco/desktop.ini
ThunderUI/Monaco/globalf.txt
ThunderUI/Monaco/globalns.txt
ThunderUI/Monaco/globalv.txt
ThunderUI/Monaco/vs/base/worker/workerMain.js
.js
ThunderUI/Monaco/vs/basic-languages/bat/bat.js
ThunderUI/Monaco/vs/basic-languages/coffee/coffee.js
ThunderUI/Monaco/vs/basic-languages/cpp/cpp.js
ThunderUI/Monaco/vs/basic-languages/csharp/csharp.js
ThunderUI/Monaco/vs/basic-languages/csp/csp.js
ThunderUI/Monaco/vs/basic-languages/css/css.js
ThunderUI/Monaco/vs/basic-languages/dockerfile/dockerfile.js
ThunderUI/Monaco/vs/basic-languages/fsharp/fsharp.js
ThunderUI/Monaco/vs/basic-languages/go/go.js
ThunderUI/Monaco/vs/basic-languages/handlebars/handlebars.js
.js
ThunderUI/Monaco/vs/basic-languages/html/html.js
.js
ThunderUI/Monaco/vs/basic-languages/ini/ini.js
ThunderUI/Monaco/vs/basic-languages/java/java.js
ThunderUI/Monaco/vs/basic-languages/less/less.js
ThunderUI/Monaco/vs/basic-languages/lua/lua.js
ThunderUI/Monaco/vs/basic-languages/markdown/markdown.js
.js
ThunderUI/Monaco/vs/basic-languages/msdax/msdax.js
ThunderUI/Monaco/vs/basic-languages/mysql/mysql.js
ThunderUI/Monaco/vs/basic-languages/objective-c/objective-c.js
ThunderUI/Monaco/vs/basic-languages/pgsql/pgsql.js
ThunderUI/Monaco/vs/basic-languages/php/php.js
ThunderUI/Monaco/vs/basic-languages/postiats/postiats.js
ThunderUI/Monaco/vs/basic-languages/powershell/powershell.js
ThunderUI/Monaco/vs/basic-languages/pug/pug.js
ThunderUI/Monaco/vs/basic-languages/python/python.js
ThunderUI/Monaco/vs/basic-languages/r/r.js
ThunderUI/Monaco/vs/basic-languages/razor/razor.js
.js
ThunderUI/Monaco/vs/basic-languages/redis/redis.js
ThunderUI/Monaco/vs/basic-languages/redshift/redshift.js
ThunderUI/Monaco/vs/basic-languages/ruby/ruby.js
ThunderUI/Monaco/vs/basic-languages/rust/rust.js
ThunderUI/Monaco/vs/basic-languages/sb/sb.js
ThunderUI/Monaco/vs/basic-languages/scss/scss.js
ThunderUI/Monaco/vs/basic-languages/solidity/solidity.js
ThunderUI/Monaco/vs/basic-languages/sql/sql.js
ThunderUI/Monaco/vs/basic-languages/st/st.js
ThunderUI/Monaco/vs/basic-languages/swift/swift.js
ThunderUI/Monaco/vs/basic-languages/vb/vb.js
ThunderUI/Monaco/vs/basic-languages/xml/xml.js
ThunderUI/Monaco/vs/basic-languages/yaml/yaml.js
ThunderUI/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
ThunderUI/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
ThunderUI/Monaco/vs/editor/editor.main.css
ThunderUI/Monaco/vs/editor/editor.main.js
.js
ThunderUI/Monaco/vs/editor/editor.main.nls.de.js
ThunderUI/Monaco/vs/editor/editor.main.nls.es.js
ThunderUI/Monaco/vs/editor/editor.main.nls.fr.js
ThunderUI/Monaco/vs/editor/editor.main.nls.it.js
ThunderUI/Monaco/vs/editor/editor.main.nls.ja.js
ThunderUI/Monaco/vs/editor/editor.main.nls.js
ThunderUI/Monaco/vs/editor/editor.main.nls.ko.js
ThunderUI/Monaco/vs/editor/editor.main.nls.ru.js
ThunderUI/Monaco/vs/editor/editor.main.nls.zh-cn.js
ThunderUI/Monaco/vs/editor/editor.main.nls.zh-tw.js
ThunderUI/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
ThunderUI/Monaco/vs/language/css/cssMode.js
.js
ThunderUI/Monaco/vs/language/css/cssWorker.js
.js
ThunderUI/Monaco/vs/language/html/htmlMode.js
.js
ThunderUI/Monaco/vs/language/html/htmlWorker.js
.js
ThunderUI/Monaco/vs/language/json/jsonMode.js
.js
ThunderUI/Monaco/vs/language/json/jsonWorker.js
.js
ThunderUI/Monaco/vs/language/typescript/lib/typescriptServices.js
.js
ThunderUI/Monaco/vs/language/typescript/tsMode.js
.js
ThunderUI/Monaco/vs/language/typescript/tsWorker.js
.js
ThunderUI/Monaco/vs/loader.js
.js
ThunderUI/Thunder.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ThunderUI/bin/AutoUpdater.txt
ThunderUI/bin/Default.json
ThunderUI/bin/Scripts/AdminProtected.lua
ThunderUI/bin/Scripts/AudioStealerFP.lua
ThunderUI/bin/Scripts/Calamaro.lua
ThunderUI/bin/Scripts/GravGUItest.lua
.js
ThunderUI/bin/Scripts/JailbreakSnaxx.lua
ThunderUI/bin/Scripts/MouseEventMoney.lua
ThunderUI/bin/Scripts/ProtoList.lua
ThunderUI/bin/Scripts/PwnSomeNoobs.lua
.js
ThunderUI/bin/Scripts/SpaceWareBoomboxLogger.lua
ThunderUI/bin/Scripts/getNames.lua
ThunderUI/bin/Scripts/ic.lua
ThunderUI/bin/Scripts/obfs.lua
.js
ThunderUI/bin/Scripts/sender.lua
ThunderUI/bin/Themes/Pinklmao.json
ThunderUI/bin/Themes/PurplishTheme.json
ThunderUI/bin/Thunder.dll
.dll windows:6 windows x86 arch:x86

7d04a9d78fbbf6570315cf3148850d60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetWindowPos
CharUpperBuffW

msvcp140

?always_noconv@codecvt_base@std@@QBE_NXZ

ws2_32

connect

vcruntime140

__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

tmpnam

api-ms-win-crt-string-l1-1-0

isalnum

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_CIfmod

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

remove

wtsapi32

WTSSendMessageW

advapi32

RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Exports

Exports

�VЋ�O^�K��ꛬǨY>'b��>4Q,m�?f��!��A)N� �q��8y�ul�*J�Kc��D|��T4�B��H� >�T'X��BN��^n��Sa��?/��Q�1V9sM�W��^_�ᗶA�(\�� Zy��ش6i/뫒�zw�>��~'Q(��8F`\v��Q��xh�<'��P��Q+��ǭFe�ߒ��%c�[�� P��>3Ƹ�퍃��|�V�?��5��N��6�J�L0!,��pkA��`> M��n��H_�H,c��T_��M1�9�ԣ?��W'e��>�/�e�U-��`��X�4�!�P�"#1�Ɣ��Z6��Fא*��R��N��3��I7��]!b��im]I"ؐ�ܼ.��v ��S�K�ڣ �W)�� a�<��?��Ua.*�n�uuR�yؤ'ˏ��9Y�X�܆R��G�b_��s��'v*�,��1��5n��-(y�yB^L��m��<�V�� `�#_MÄn��)'8�o7X#� z�/��m�=+��|�SIF�GP��&荽�%m(��$ ��FY��-��i�<��}��9�� іx��f<�1 �hr4N7#��3��b�Yi��i�(W��yT��xQiA�zn��Q�o��F<�}\��u�v�.\gd1_�]�(0��?��F,�n��E≠��MX|//>�RH�Rm�*Q�94iQ�wG��8��[R~�H;��ھ��d��Bu�kk:��5�:��[/�rITm��#I!�gw�P��h�i{`��k�� xdu��dC�@�T͡13��X��kV��#�L��:�+*��rLg�cU��|��]�;��g��D{��y ��KQ��]��?�^��o��띺7F�!��}��Pd[��Іm��L�g��x׮tq��/v�E��ػ�F5{8;��{f�� O�%��Z��/��w�٭��գ_`� �\��8�@X��8*89f��V[�Q�F��pr�_�Q��ffod�R�� T��O�ߛ~��*�$�å+d7؟��m��zc��-#A��=Q��t��;/�Q�(\�)n=��T��^ ��˄N�x�0�r��l�� B�F�s�(��ҙ��=}��+�@�r��}�P��+O��W��ֱ<��0n��z=��f�lI�`��#�߮<�H��ؓ��@JHT�z�Q�W��2${H��`w�x�y�.�)�iD��pIұ<��xYVNX��O�nAx��{��Yq �"�R�h]:�g��dq�f�� aOk��{VZ�jW9ϳ�^ ��>��$'�p�,ۑ�4\��)�U�H`I[��IgZ��@��)̚��~�ѽ��^��<^ ��M}2��F$*c��m�VÍ��|�|zĄ�kTq��l{��a�̂��o��U%�M-��lF�)��<��K�H�`�--ݻt��g�s��F�`�B/�$Q��qu�/\s�2Qa�?�c��?)��=N�aъ=��.p]C��iY��B�\�P�M�b��YB�b��{�K׾$��q��g��6G��P��s)-��ڨaf��o��b��y�|@T��Z��i�R��.��08'0��K�W��ċ0��X��<w��H˺B%xo�^��y!D�۱Ă�+ �ɋ��2�Gy7��h9QXN�S:Y��}��|cvl�t2��>r��0��mcu��s�Ѐ�X��G~~�EF��##Ed{��*�y�D��*�=�'j�6��G{�� 4�!��u��T�֋��gG�a)��<޸$��>�I{��SR�0�4�g@[Ţ��RX��%��$��_2\8|0N��Q�Ȥij�g��Bʂ/�1n�q�o�>Hԥ�t�V��=�tJ4U;A��Z��~�N�$ɟ�Dt��|��PP��t��=�>�f&mS7��_8بĳ,�M�$�[C��wP$�T�� j'_=`^O[�I��Ji�8�&M��U_�Rdno(3��P��K�T�g@]��c��O�#��yX�3L�vg+�{>�Ш�?��%ڹ��+�O��/��c��#��MY/"Q�(�W2�@BpnX�;�@��ch"#5��3_Eb83�O��L�J��|�; �wi��m��7�?��=��-6�:ה��V��E�?7�hh�Y��/d�ΏӊHp4%�"��h��,<�W]i��a~mQ��{�Ī��Om!l�n�4&��\7@�S=K+S � ��4�J��K�G��%��+w={�� P�5��ND�a,9Y7�I�=�j��P� �g�<c��U�㴔#�t01(�Q��4��#�`�v��xF��Ԣ��W<��JdJ丄~�' L��f��t>�k��-UQ�/��Kyg S9��l�c��A�~�J2z�w��m�P=4�v��OdΒ ��ō�!��!��0f�|�+ƫ5$[j�[Ciب�~KJ�Cw� ��>�p�nxY�7��҆(�{Y��X]��q��U UWDZ-ĐR�,AS·ݐ�ޥ�F��\K�'A��$s� ;cbh�ʬڼ0pa� p�DMV^�:��2��W�/��(�(=��}�%˄�&��8]�'#�� -�s-��_�k�h�б��]vH��B0��v ��,~XnC�~��-�,�m[ӵm�aſ��x�&H}��+EyՊ��V�yi��>s03��@df�ܕ\ug ��b��dل��"��J�J��;�g;QAm�� n��]��^o��66,8��Uy��l�08yxb��0

Sections

.text
Size: - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ThunderUI/bin/workspace/IY_FE.iy
ThunderUI/desktop.ini

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 12B

7d04a9d78fbbf6570315cf3148850d60

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

ws2_32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

wtsapi32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 199KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: - Virtual size: 12KB

.vmp0 Size: - Virtual size: 1.8MB

.vmp1 Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 199KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: - Virtual size: 12KB

.vmp0
Size: - Virtual size: 1.8MB

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B