81c0bc6a7f7c963d3843b034f9737d40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

81c0bc6a7f7c963d3843b034f9737d40_JaffaCakes118
Size

141KB
MD5

81c0bc6a7f7c963d3843b034f9737d40
SHA1

fb9cdf0b0ff3ced4a5abaddd766a153b2dc31805
SHA256

0cd93faaa38a0503d34b3cbf126af2016da066d3900e3e26855ade3faf58f4a8
SHA512

4c54520c1c4145eda5f34bca2c760246e6cc5caf4d307a7497a62ed017b828c37c5acb74c5aebdc23c84c57ae96fae75e410ae4a822e6f913b248350c1d6c860
SSDEEP

3072:DLyk7G0MseogKoyGjrndJM94IXcoApIxwDjLfA+IehhyKdOTc:DL9G0ocoyGjM94IsDVDjLGS

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81c0bc6a7f7c963d3843b034f9737d40_JaffaCakes118

Files

81c0bc6a7f7c963d3843b034f9737d40_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4d75c4364a577cd17d0552969186a393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IMPGetIMEA
SetForegroundWindow
ShowWindow
GetSysColor
GetKeyboardLayoutNameA
IsWindow
GetSystemMetrics
SetWindowPos
GetFocus
SetMenuInfo
DispatchMessageA
InvalidateRect

mswsock

WSPStartup
dn_expand
sethostname
MigrateWinsockConfiguration
NPLoadNameSpaces
GetNameByTypeA
TransmitFile
inet_network
GetAddressByNameA
GetAcceptExSockaddrs
GetTypeByNameW
WSARecvEx
GetServiceW
SetServiceA
EnumProtocolsW
GetTypeByNameA
SetServiceW
StartWsdpService
EnumProtocolsA
rexec
StopWsdpService

kernel32

GetCurrentThreadId
InterlockedDecrement
HeapCreate
GetThreadLocale
QueryPerformanceCounter
lstrlenW
FileTimeToSystemTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
GetStringTypeW
GetConsoleAliasesA
lstrlenA
lstrcmpiA
TerminateProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
HeapReAlloc
GetFileAttributesW
GetCPInfo
GetCurrentProcess
LCMapStringA
GetOEMCP
GetModuleHandleW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
VirtualAlloc
GetCurrentProcessId
WideCharToMultiByte
LCMapStringW
SetHandleCount
GetStringTypeA
lstrcmpiW
GetEnvironmentStrings
GetSystemTime
SetStdHandle
GlobalSize

gdi32

CreateICW
CreateICA
GetCharWidth32W
DeleteObject
CreatePen
CreateRectRgnIndirect
CreateDCA

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4d75c4364a577cd17d0552969186a393

Headers

DLL Characteristics

File Characteristics

Imports

user32

mswsock

kernel32

gdi32

Sections

.text Size: 118KB - Virtual size: 118KB

.data Size: - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 7KB

.vmp0 Size: 512B - Virtual size: 248B

.vmp1 Size: 13KB - Virtual size: 12KB

.text
Size: 118KB - Virtual size: 118KB

.data
Size: - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 7KB

.vmp0
Size: 512B - Virtual size: 248B

.vmp1
Size: 13KB - Virtual size: 12KB