9684829695444396578223722de07b63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9684829695444396578223722de07b63_JaffaCakes118
Size

460KB
MD5

9684829695444396578223722de07b63
SHA1

0e77446bb0e4b806b53d0ee333f5ed1c7d22d0a5
SHA256

d8f6dc880d8cfd3b3327c564a218f95967b2027fd58ced264bb093c71fbc7a93
SHA512

3dd34a42b60eebc53c2f93c8519b379987f35a5bf66d5e8e31f3e2cba2fd6d4712ef44e915d126d24f0122e8d15eeea0ee44b7d03344ba6b1bbc55dda0b854ff
SSDEEP

12288:TYH1p5Oite+eOMNwSYspZVBuLD4VSfCa7ME5mnoBM+gYb:T4ZfTMNU/4QMoBZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9684829695444396578223722de07b63_JaffaCakes118

Files

9684829695444396578223722de07b63_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d92b9a813587e30ddcf1aaee225ffec0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DestroyWindow

msvcp100

??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@

msvcr100

_fseeki64

wininet

InternetOpenUrlA

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

gdi32

GetObjectA

advapi32

RegQueryValueExA

Exports

Exports

BreakRecordsIntoBlob
CombineRecordsInBlob
DnsAcquireContextHandle_A
DnsAcquireContextHandle_W
DnsAllocateRecord
DnsApiAlloc
DnsApiAllocZero
DnsApiFree
DnsApiHeapReset
DnsApiRealloc
DnsApiSetDebugGlobals
DnsAsyncRegisterHostAddrs
DnsAsyncRegisterInit
DnsAsyncRegisterTerm
DnsCopyStringEx
DnsCreateReverseNameStringForIpAddress
DnsCreateStandardDnsNameCopy
DnsCreateStringCopy
DnsDhcpRegisterAddrs
DnsDhcpRegisterHostAddrs
DnsDhcpRegisterInit
DnsDhcpRegisterTerm
DnsDhcpRemoveRegistrations
DnsDhcpSrvRegisterHostAddr
DnsDhcpSrvRegisterHostAddrEx
DnsDhcpSrvRegisterHostName
DnsDhcpSrvRegisterHostNameEx
DnsDhcpSrvRegisterInit
DnsDhcpSrvRegisterInitialize
DnsDhcpSrvRegisterTerm
DnsDowncaseDnsNameLabel
DnsExtractRecordsFromMessage_UTF8
DnsExtractRecordsFromMessage_W
DnsFindAuthoritativeZone
DnsFlushResolverCache
DnsFlushResolverCacheEntry_A
DnsFlushResolverCacheEntry_UTF8
DnsFlushResolverCacheEntry_W
DnsFree
DnsFreeConfigStructure
DnsFreePolicyConfig
DnsFreeProxyName
DnsGetBufferLengthForStringCopy
DnsGetCacheDataTable
DnsGetDnsServerList
DnsGetDomainName
DnsGetLastFailedUpdateInfo
DnsGetPolicyTableInfo
DnsGetPolicyTableInfoPrivate
DnsGetPrimaryDomainName_A
DnsGetProxyInfoPrivate
DnsGetProxyInformation
DnsGlobals
DnsIpv6AddressToString
DnsIpv6StringToAddress
DnsIsAMailboxType
DnsIsStatusRcode
DnsIsStringCountValidForTextType
DnsLogEvent
DnsLogIn
DnsLogInit
DnsLogIt
DnsLogOut
DnsLogTime
DnsMapRcodeToStatus
DnsModifyRecordsInSet_A
DnsModifyRecordsInSet_UTF8
DnsModifyRecordsInSet_W
DnsNameCompareEx_A
DnsNameCompareEx_UTF8
DnsNameCompareEx_W
DnsNameCompare_A
DnsNameCompare_UTF8
DnsNameCompare_W
DnsNameCopy
DnsNameCopyAllocate
DnsNetworkInfo_CreateFromFAZ
DnsNetworkInformation_CreateFromFAZ
DnsNotifyResolver
DnsNotifyResolverClusterIp
DnsNotifyResolverEx
DnsQueryConfig
DnsQueryConfigAllocEx
DnsQueryConfigDword
DnsQueryExA
DnsQueryExUTF8
DnsQueryExW
DnsQuery_A
DnsQuery_UTF8
DnsQuery_W
DnsRecordBuild_UTF8
DnsRecordBuild_W
DnsRecordCompare
DnsRecordCopyEx
DnsRecordListFree
DnsRecordSetCompare
DnsRecordSetCopyEx
DnsRecordSetDetach
DnsRecordStringForType
DnsRecordStringForWritableType
DnsRecordTypeForName
DnsRegisterClusterAddress
DnsReleaseContextHandle
DnsRemoveRegistrations
DnsReplaceRecordSetA
DnsReplaceRecordSetUTF8
DnsReplaceRecordSetW
DnsResolverOp
DnsScreenLocalAddrsForRegistration
DnsSetConfigDword
DnsStatusString
DnsStringCopyAllocateEx
DnsTraceServerConfig
DnsUnicodeToUtf8
DnsUpdate
DnsUpdateMachinePresence
DnsUpdateTest_A
DnsUpdateTest_UTF8
DnsUpdateTest_W
DnsUtf8ToUnicode
DnsValidateNameOrIp_TempW
DnsValidateName_A
DnsValidateName_UTF8
DnsValidateName_W
DnsValidateServerArray_A
DnsValidateServerArray_W
DnsValidateServerStatus
DnsValidateServer_A
DnsValidateServer_W
DnsValidateUtf8Byte
DnsWriteQuestionToBuffer_UTF8
DnsWriteQuestionToBuffer_W
DnsWriteReverseNameStringForIpAddress
Dns_AddRecordsToMessage
Dns_AllocateMsgBuf
Dns_BuildPacket
Dns_CleanupWinsock
Dns_CloseConnection
Dns_CloseSocket
Dns_CreateMulticastSocket
Dns_CreateSocket
Dns_CreateSocketEx
Dns_ExtractRecordsFromMessage
Dns_FindAuthoritativeZoneLib
Dns_FreeMsgBuf
Dns_GetRandomXid
Dns_InitializeMsgBuf
Dns_InitializeMsgRemoteSockaddr
Dns_InitializeWinsock
Dns_OpenTcpConnectionAndSend
Dns_ParseMessage
Dns_ParsePacketRecord
Dns_PingAdapterServers
Dns_ReadPacketName
Dns_ReadPacketNameAllocate
Dns_ReadRecordStructureFromPacket
Dns_RecvTcp
Dns_ResetNetworkInfo
Dns_SendAndRecvUdp
Dns_SendEx
Dns_SetRecordDatalength
Dns_SetRecordsSection
Dns_SetRecordsTtl
Dns_SkipPacketName
Dns_SkipToRecord
Dns_UpdateLib
Dns_UpdateLibEx
Dns_WriteDottedNameToPacket
Dns_WriteQuestionToMessage
Dns_WriteRecordStructureToPacketEx
ExtraInfo_Init
Faz_AreServerListsInSameNameSpace
FlushDnsPolicyUnreachableStatus
GetCurrentTimeInSeconds
HostsFile_Close
HostsFile_Open
HostsFile_ReadLine
IpHelp_IsAddrOnLink
Local_GetRecordsForLocalName
Local_GetRecordsForLocalNameEx
NetInfo_Build
NetInfo_Clean
NetInfo_Copy
NetInfo_Free
NetInfo_GetAdapterByAddress
NetInfo_GetAdapterByInterfaceIndex
NetInfo_GetAdapterByName
NetInfo_IsAddrConfig
NetInfo_IsForUpdate
NetInfo_ResetServerPriorities
NetInfo_UpdateServerReachability
QueryDirectEx
Query_Main
Reg_FreeUpdateInfo
Reg_GetValueEx
Reg_ReadGlobalsEx
Reg_ReadUpdateInfo
Security_ContextListTimeout
Send_AndRecvUdpWithParam
Send_MessagePrivate
Send_OpenTcpConnectionAndSend
Socket_CacheCleanup
Socket_CacheInit
Socket_CleanupWinsock
Socket_ClearMessageSockets
Socket_CloseEx
Socket_CloseMessageSockets
Socket_Create
Socket_CreateMulticast
Socket_InitWinsock
Socket_JoinMulticast
Socket_RecvFrom
Socket_SetMulticastInterface
Socket_SetMulticastLoopBack
Socket_SetTtl
Socket_TcpListen
Trace_Reset
Update_ReplaceAddressRecordsW
Util_IsIp6Running

Sections

.text
Size: - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 441B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d92b9a813587e30ddcf1aaee225ffec0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp100

msvcr100

wininet

d3d9

dinput8

gdi32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 354KB

.rdata Size: - Virtual size: 101KB

.data Size: - Virtual size: 59KB

.vmp0 Size: - Virtual size: 249KB

.vmp1 Size: 458KB - Virtual size: 457KB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 512B - Virtual size: 441B

.text
Size: - Virtual size: 354KB

.rdata
Size: - Virtual size: 101KB

.data
Size: - Virtual size: 59KB

.vmp0
Size: - Virtual size: 249KB

.vmp1
Size: 458KB - Virtual size: 457KB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 512B - Virtual size: 441B