6e0aacb0d7823198ef4ac3fc4b973a14_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6e0aacb0d7823198ef4ac3fc4b973a14_JaffaCakes118
Size

425KB
MD5

6e0aacb0d7823198ef4ac3fc4b973a14
SHA1

a173de0ba12a2cada8d893fc1d62f3884a043639
SHA256

e4e3517ea7d6bda651d10ebbd799492d58ee89685180df66bc4783d8f366aeea
SHA512

41090e97949d83549437cc728474e5aa05b439c9a8313b3851bc9f622878551a382b8d62755c690787dbcadd97e103b03f90efef9ff429e5e46697b7efe81206
SSDEEP

6144:7/gRtFK782ccqyX4kcGxHkNlkVuwG+84bvWoA5vzLPCqjdpHagPfCXqTc:bkvKlcczX4kDxOuj84brA9LPZpl8j

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/bin/paul.dll	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bin/paul.dll

Files

6e0aacb0d7823198ef4ac3fc4b973a14_JaffaCakes118
.7z
bin/paul.dll
.dll windows:5 windows x86 arch:x86

16b0ff1e806b2a8e3464eb94582f3720

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetStdHandle
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetClientRect

gdi32

TextOutW

winspool.drv

ClosePrinter

advapi32

RegQueryValueW

shell32

ShellExecuteW

shlwapi

PathFindExtensionW

oleaut32

VariantInit

Exports

Exports

drm_pagui_doit

Sections

.text
Size: - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skidrow.nfo

Sharing

General

Malware Config

Signatures

Files

16b0ff1e806b2a8e3464eb94582f3720

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 183KB

.rdata Size: - Virtual size: 47KB

.data Size: - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 510KB

.vmp0 Size: - Virtual size: 35KB

.vmp1 Size: - Virtual size: 249KB

.vmp2 Size: 428KB - Virtual size: 427KB

.reloc Size: 512B - Virtual size: 144B

.text
Size: - Virtual size: 183KB

.rdata
Size: - Virtual size: 47KB

.data
Size: - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 510KB

.vmp0
Size: - Virtual size: 35KB

.vmp1
Size: - Virtual size: 249KB

.vmp2
Size: 428KB - Virtual size: 427KB

.reloc
Size: 512B - Virtual size: 144B