9edd84068e19f00340a824216309c839_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9edd84068e19f00340a824216309c839_JaffaCakes118
Size

1.3MB
MD5

9edd84068e19f00340a824216309c839
SHA1

924f62bcece203cf2b772c71caca7355b5ba2d2b
SHA256

2409f517c5a42b98de7d9fcf6f9b3d47edade4fd7f5325376c33c554a0b252bd
SHA512

b28fce76cb4f7e81cd5c1062fa3839e39b94ff14ec800f7b875d3604cb80ac0db340f6b9baff3ddd6db2b993dc16f3bc68108c97547081719f211679b1c6a7f9
SSDEEP

24576:xudV6zQTNsbnI7RJ93vyLeX2brZm1Mk9ZgDwR31+CJBlytaNHTekXdNknZWNK/vh:xudIkTNsU7RJNvUBk9aDmICDItSz7vkH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9edd84068e19f00340a824216309c839_JaffaCakes118

Files

9edd84068e19f00340a824216309c839_JaffaCakes118
.exe windows:4 windows x86 arch:x86

178928039efe77d19495d7723b7d0e19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutClose

ws2_32

WSAStartup

rasapi32

RasHangUpA

kernel32

GetProcessHeap
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetRect

gdi32

TextOutA

winspool.drv

ClosePrinter

advapi32

RegSetValueExA

shell32

DragQueryFileA

ole32

OleInitialize

oleaut32

RegisterTypeLi

comctl32

ImageList_SetBkColor

wldap32

ord29

wininet

InternetCloseHandle

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 840KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

178928039efe77d19495d7723b7d0e19

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wldap32

wininet

comdlg32

Sections

.text Size: - Virtual size: 840KB

.rdata Size: - Virtual size: 708KB

.data Size: - Virtual size: 374KB

.rsrc Size: 40KB - Virtual size: 52KB

.vmp0 Size: - Virtual size: 386KB

.vmp1 Size: 1.3MB - Virtual size: 1.3MB

.text
Size: - Virtual size: 840KB

.rdata
Size: - Virtual size: 708KB

.data
Size: - Virtual size: 374KB

.rsrc
Size: 40KB - Virtual size: 52KB

.vmp0
Size: - Virtual size: 386KB

.vmp1
Size: 1.3MB - Virtual size: 1.3MB