7355537672fb881ce1ab6d0c73349877_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7355537672fb881ce1ab6d0c73349877_JaffaCakes118
Size

1.8MB
MD5

7355537672fb881ce1ab6d0c73349877
SHA1

f0d3c35552dd4331ca17561e7bfc0cf2622ead36
SHA256

9a04fa25feb7341f69f1426f38305a0bde1d828862b7f6bad732b668a4b099a3
SHA512

b3f562dff36e892ce25338118b870d5f3854f69273c978d0531ddcf0fc78a981d7ec04541ad8ce0cc1d1b77ebab84db33b47c0f21bb8a3b179438ffe1cb4b4d5
SSDEEP

49152:t+llMEK27GO9pXDTSTFf6UpKO5hKcujrpZyd/Jd:Qom6QDOwUpKO5hKcujGdRd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/后二计划工具_Mr.D_se.vmp.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/后二计划工具_Mr.D_se.vmp.exe

Files

7355537672fb881ce1ab6d0c73349877_JaffaCakes118
.rar
后二计划工具_Mr.D_se.vmp.exe
.exe windows:5 windows x86 arch:x86

d61222b2ba8c610dcad4d5df7ba2c02e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

WSAAsyncSelect

kernel32

CompareStringW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

gdi32

GetTextMetricsA

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CLSIDFromString

oleaut32

LoadTypeLi

comctl32

ord17

comdlg32

ChooseColorA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: - Virtual size: 836KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
更多软件下载.url
飘荡软件.url
.url

Sharing

General

Malware Config

Signatures

Files

d61222b2ba8c610dcad4d5df7ba2c02e

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

msvcrt

iphlpapi

psapi

Sections

.text Size: - Virtual size: 836KB

.sedata Size: - Virtual size: 952KB

.idata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 8KB

.sedata Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 579KB

.vmp2 Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: - Virtual size: 836KB

.sedata
Size: - Virtual size: 952KB

.idata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 8KB

.sedata
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 579KB

.vmp2
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 8KB - Virtual size: 4KB