82805808f98029a481df01fff9b4ecc3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

82805808f98029a481df01fff9b4ecc3_JaffaCakes118
Size

604KB
MD5

82805808f98029a481df01fff9b4ecc3
SHA1

b61bfb72246df5410867d0a0fa70ceb5db7d2aaa
SHA256

df817d8ee306d3d54e044f4aaffc81b2899af118c8167ed73c0633751587f461
SHA512

5bfea93d8d3021fbc803b15edb8c76f282710504a5eec80d203f297ac11852fa8cc3e7c0f12d2453971d8f8a9897a51d3eaa95cf887464999332c7ffb6c1005b
SSDEEP

12288:OasID7DAJf74y4yXZoTKa/KooHH/xXUCsFHwQ1JN+UNOJrL+2/EangVIr8VP:OhIDvACy4yXZoT27pXrsL6rryCg6r8V

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82805808f98029a481df01fff9b4ecc3_JaffaCakes118

Files

82805808f98029a481df01fff9b4ecc3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aba6cf023790a75026258f793d103a3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
lstrcpyn
WaitForSingleObjectEx
GetCurrentThread
CreateFileA
DeviceIoControl
WriteProcessMemory
GetLogicalDriveStringsA
QueryDosDeviceA
VirtualProtect
CreateToolhelp32Snapshot
Module32Next
Thread32First
OpenThread
Thread32Next
TerminateThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleA
Process32Next
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
GetCommandLineA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
GetUserDefaultLCID
SetEndOfFile
WriteFile
SetFilePointer
GetTickCount
GetFileSize
Sleep
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetTempPathA
IsWow64Process
GetVersionExA
GlobalFree
GlobalSize
lstrcpynA
GlobalUnlock
GlobalLock
Module32First
ExpandEnvironmentStringsA
DeleteFileA
GetExitCodeProcess
ReadFile
PeekNamedPipe
CloseHandle
CreateProcessA
CreatePipe
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
ReadProcessMemory
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
CopyFileA
CreateRemoteThread
RtlMoveMemory
GetCurrentProcess
GetCurrentProcessId
OutputDebugStringA
InterlockedCompareExchange
GetSystemInfo
VirtualQuery
InterlockedExchange
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualFree
CreateThread
DeleteCriticalSection
lstrlenA
GetWindowsDirectoryA
GetLastError
Process32First
TerminateProcess
OpenProcess
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
LocalFree
FlushFileBuffers
GetStringTypeExA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
UnregisterClassA
GetDlgCtrlID
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
EnableMenuItem
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
PtInRect
GetWindowLongA
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
GetDC
FindWindowA
GetWindowRect
GetSystemMetrics
SetForegroundWindow
SetActiveWindow
GetActiveWindow
IsWindow
GetForegroundWindow
PostThreadMessageA
MsgWaitForMultipleObjects
SetWindowTextA
MessageBoxA
MessageBoxTimeoutA
GetClassNameA
GetWindowThreadProcessId
GetParent
IsWindowVisible
GetWindowTextLengthA
GetWindowTextA
GetDesktopWindow
GetWindow
SendMessageA
SendMessageTimeoutA
ScreenToClient
GetWindowInfo
IsWindowEnabled
EnumWindows
EnumChildWindows
GetCursorPos
ReleaseDC
EnumDisplaySettingsA
AdjustWindowRectEx
WindowFromDC
RegisterWindowMessageA
wsprintfA
DispatchMessageA
EnableWindow
TranslateMessage
GetMessageA
PeekMessageA
GetPropA

advapi32

CryptReleaseContext
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
EnumServicesStatusExA
GetServiceKeyNameA
GetServiceDisplayNameA
QueryServiceStatusEx
DeleteService
ControlService
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
CloseServiceHandle
RegCloseKey
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA

ole32

CoInitialize
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CLSIDFromString
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
CreateStreamOnHGlobal
GetHGlobalFromStream

gdi32

GetDeviceCaps
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetStockObject
SetDIBits
GetBitmapBits
GetObjectA
GetCurrentObject
DeleteDC
StretchBlt
CreateCompatibleBitmap
DeleteObject
GdiFlush
SelectObject
CreateBitmap
CreateCompatibleDC
GetPixel
GetObjectType

wsock32

WSAStartup
gethostname
htons
WSACleanup
socket
ntohs
gethostbyname

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetConnectA
InternetOpenA
InternetCloseHandle

ws2_32

WSCEnumProtocols

shlwapi

PathFileExistsA
PathFindFileNameA
PathUnExpandEnvStringsA

dnsapi

DnsFlushResolverCache

psapi

GetMappedFileNameA

gdiplus

GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipDisposeImage
GdiplusStartup

atl

ord42

oledlg

ord8

shell32

SHGetSpecialFolderPathA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

Exports

Exports

??��?��?��?_??��yD��
init

Sections

.text
Size: - Virtual size: 903KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 596KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aba6cf023790a75026258f793d103a3b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

gdi32

wsock32

wininet

ws2_32

shlwapi

dnsapi

psapi

gdiplus

atl

oledlg

shell32

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 903KB

.rdata Size: - Virtual size: 33KB

.data Size: - Virtual size: 370KB

.vmp0 Size: - Virtual size: 188KB

.vmp1 Size: 596KB - Virtual size: 593KB

.reloc Size: 4KB - Virtual size: 260B

.text
Size: - Virtual size: 903KB

.rdata
Size: - Virtual size: 33KB

.data
Size: - Virtual size: 370KB

.vmp0
Size: - Virtual size: 188KB

.vmp1
Size: 596KB - Virtual size: 593KB

.reloc
Size: 4KB - Virtual size: 260B