7290eea92a156a733128193b8a9675eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7290eea92a156a733128193b8a9675eb_JaffaCakes118
Size

70KB
MD5

7290eea92a156a733128193b8a9675eb
SHA1

c52ac1a287b5af0029039a882f1d8888bb5d4a76
SHA256

746456d06434f819887d61afbba79e36c9f249bc7922f2929ca20b8f9dbe32d5
SHA512

3b8065b139b9a5c154ba15e10c3802796523fa1951b623c55abc04b12b1d8166df27d146f97b18e3fd82634689d31d5cdb4c60742999ae50bc186acf90f91359
SSDEEP

1536:4qqkmYYlmtGKD8+Ot3ssa7LRD7lE5CAIefU4RVtNuHnmlUAu:7Bb4mtGKDBOt3xa7LRf4IecGVe57

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

7290eea92a156a733128193b8a9675eb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

54274157414df84509d2e8df22747d6c

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:04:31:65:2e:96:26:64:83:35:97:1f:60:13:a3:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/07/2014, 00:00

Not After

29/07/2017, 23:59

Subject

CN=FortCloud Security Info Tech Co.\,Ltd.,OU=R&D dept.,O=FortCloud Security Info Tech Co.\,Ltd.,L=Xiamen,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:b4:f5:a1:3b:de:50:5d:e6:9b:a6:90:02:00:fd:2c:02:21:bf:27
Signer

Actual PE Digest

97:b4:f5:a1:3b:de:50:5d:e6:9b:a6:90:02:00:fd:2c:02:21:bf:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryW
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineW
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcr90

_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
__p__fmode
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??3@YAXPAX@Z
_CxxThrowException
memcpy
__CxxFrameHandler3
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer

qtcore4

?fromWCharArray@QString@@SA?AV1@PBGH@Z
?toLocal8Bit@QString@@QBE?AVQByteArray@@XZ
?free@QString@@CAXPAUData@1@@Z
?detach@QByteArray@@QAEXXZ
?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QVector@PAD@@@Z
?qFree@@YAXPAX@Z
?reallocate@QVectorData@@SAPAU1@PAU1@HHH@Z
?qMemSet@@YAPAXPAXHI@Z
?allocate@QVectorData@@SAPAU1@HH@Z
?qBadAlloc@@YAXXZ
?free@QVectorData@@SAXPAU1@H@Z

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 845B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54274157414df84509d2e8df22747d6c

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

2c:04:31:65:2e:96:26:64:83:35:97:1f:60:13:a3:46Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

97:b4:f5:a1:3b:de:50:5d:e6:9b:a6:90:02:00:fd:2c:02:21:bf:27Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcr90

qtcore4

Sections

.text Size: - Virtual size: 17KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 1KB

.idata Size: - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 688B

.vmp0 Size: - Virtual size: 845B

.vmp1 Size: - Virtual size: 18KB

.vmp2 Size: 61KB - Virtual size: 60KB

.reloc Size: 512B - Virtual size: 224B

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

2c:04:31:65:2e:96:26:64:83:35:97:1f:60:13:a3:46
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

97:b4:f5:a1:3b:de:50:5d:e6:9b:a6:90:02:00:fd:2c:02:21:bf:27
Signer

.text
Size: - Virtual size: 17KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 1KB

.idata
Size: - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 688B

.vmp0
Size: - Virtual size: 845B

.vmp1
Size: - Virtual size: 18KB

.vmp2
Size: 61KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 224B