a4265f4ad7a8472946dea5bf8a38cc45_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a4265f4ad7a8472946dea5bf8a38cc45_JaffaCakes118
Size

337KB
MD5

a4265f4ad7a8472946dea5bf8a38cc45
SHA1

1e7a53ee0b104e8b9a8fe5107bd51034665a2e8c
SHA256

cd45c2067eff233288b86b78b407322499cd88c7e45704cc2f88dd35c1371a26
SHA512

73ecfc89a374d485ac710301386ff5b5a139a1f3b6f9cfa5436e5ac3df19a85d38f9a67a49a79078f55dd0c766cce49d37783137debad205775e232ab4c3d99f
SSDEEP

6144:u0ljKG13OvEo363dTKamiecxSlffHtWHGUtXTBGDj4tdgY:7F3OvT3kdTKamMSlffNwGUNg6

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Arp EMP v1.0.exe	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Arp EMP v1.0.exe
unpack001/dll/PacketX.dll

Files

a4265f4ad7a8472946dea5bf8a38cc45_JaffaCakes118
.rar
Arp EMP v1.0.exe
.exe windows:4 windows x86 arch:x86

276863cbe2451117e677e5df274ba62a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord588

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

��us|��$uX��Hv+�" a��:��{3�a��?�S�\J�6��x8�p�LA��r'��?�+�+�3],�͡U�^Y�Xj��IH��&4ǽ5S�O]V��s8��m�r/��H$�}W��o�S��؎��؂SksR��؋�A��M� Q��n3��zF��(|U�S�^7��$Jy��5��9�|��L\��!S1;9&�cn��=9�z~��x�3��E`��@�S�]��z��x�'i�Ǜ��W��6�S0\�Vû��t�g�)�Ms�!�%#K5��SMc�Q��b��2B�4�"��}��_-�+m�LL=�6��@˙t�͌A�P{�,ċ�Mk��G� 2��5eB��w��y��"�i�qs�(��d�2�d��{�"�XP��n�?��C#��[�P"=Ʊ�]Kݘ��k3O��o-��ɕ�t$*9�ޗ�͊�#��E@�c�@�[<Z�@S��go�x��1��B�3r�G�;_Z��0w�'��~Z@��b�XB�b5Sz!k��ӂNz��:�#{��G!�od@��j8�/��㧿��:��)��)� �?�w#��ʬ��ȤSU1�݉5S��R�R�}B��[�k��sG��'�C|��ߚ��?Q��0T� ��!5�+u ��Cu� \3�uC�C>�+h�|��PG�Y~;�E ��$��Un�Yc0��XYAK�v>��P�ɔ��"v`{��!V>��R&�u��Q^��CV� H{�^j%?]�6��L��@�|�_ZFQy�C2ɺ�ue��-�(d �o"��m��T��I��3�[9�,�Z�T��(��i&�i��ȩ�e��2y�ʫN"��sjvo��n��+�Z7@�Q��nz��% %A�bF%�� >-�eG7��4��1'0S�\��^��pn>�'��/W{� M��`}dc�X��\ �F�.��>��^��5t/!.jH��LpB�Q�o�)��nA��o!k��X�Ux�c��dQw�Bu��~{��Jδ��p6�Oɶ��d��0�>IL�H�&o��7� JW�==��&?�m��L�d�Ab귟 ��!ۻ��>��}�v��ڞh��X��1͇�i�a�zH\��?��n�a,�x��[p��"�Sw&1(E��n��^�aH�*�ŗ��Ig4��#�bk�4E�C��W<��]?�a�9U[M�&��ߕ�gP'��d&�e�Z C-?��s_��>x�#w��B�BYƊpO�a��2"WC��fVV�o�w��i�/��4��.Y@��5��tEf�y�1�ꓧ�bɨ�'��d�}~s�L��c_�s޻z��X��G\F��S��M�&�8�E;Y@b��e��^UCpN��%8��h\��ҭ�>q* ��_�%�O�~�Py��'�L��c*X70{��![k��=�!*m��K�&��]~��.�g��ʁ`��`�oA�LWG-xGr�w{^q��V�D��'��R��~�UlԬ)YL��T�o�r9^T�I}'�I+�Ԙ��{)S�D��F��|ׁB�a�*!kE�Z�[ ,��JM��_�-��GQ�}T��d�� r\2�b:�+ ��65�y\�.^��)�P'�L��|�q`� I�A�F� �O%Ͽ[��)��u!�d��z3f�|�s��6��]�@l�k�3.�%n�T�픞�K�N�2�y�>��n�̩9��N�ѯ(��x�-��;��r��fa�Af��P^��#��a�i�� j�G�9Xy�S��H��ː��8�&"�o�ޞh&�u�+�p�ڝ�� y��(�s�r/9��B��2�U�rZ�i��1�E�#��o�R?њq� �D��}��@��,v�Տ��ɑ`��Ψ[��۞$�=�Fbu��蒡rN�`��P5�g��R>g��>��| �A��:j�4��c��+��<�W�-;^ߡ�� jiɤ��R Y��2�_P��ݨ��f��`��L.�yUT�K� F/��zt��b�=X�Soܬl��V6��<�N��Ԝ��H#��^��iQ �~lzE��P~� ��I��0h��Rځh8Ǔ�b�I�V_󽱊��s�Љ�p��B~ͽ�f��w��&��C��~g��EE�?��DyÃQ��o) X��i��T�7��]�qƖV�F|q��m��6�ʩg�܎t�y�?�ݒ�,�H��Wy�.ݶqQK��?��_�Ep'��@�`�ӛ�L��b��j}��]�)LrT��_�ڵ ��A��Hd� ڟB��oP hfܵ��.�w�� I!t�ޤ�# ��:��#�4�k5��k8�cEN!�2�5L4`�;3��%-��K:]��l�Ħ|6�u��<k�a�6��S �Ujc�t��,_F��Į:A"��*��hmh��b�F�#��wɋ��hi*!��2t2d� l�zU󉩒7U7��'��j�Kv�w#�Qz�_F�&kexj�91��mh��5�x� ��9]!Ĺ�͢��O�� T�4��;�!ȗwq�04Ѵ�� XJa'%?��ӷ�fBk�᎔�B��*�I��5X@04��e7�5��c;@&��L�gBYm�\R�!��W��bMh�y��Ak�E͈ �A��T�W0OdEy�!"�AV�<��5�U�"x��W��z��@ҢL%4!Lr�8(��a�&q��n��E�� 0e)��%�^��.v&[�n��X�z��o��1�I��xC�j��\�v��,?$� U㦲-��W��HN<' 6�i�� e��n��b��:P��ov3�7`��3��B��W�F�1��+|=��X��

Sections

.text
Size: - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dll/PacketX.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c62effff42307fc9e2ce23fdad766a5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\andres.kaasik\My Documents\My Projects\beesync\trunk\packetx\Release\PacketX.pdb

Imports

wsock32

inet_addr
ntohs
ntohl

kernel32

CreateThread
ResetEvent
CreateEventA
LocalFree
LocalAlloc
GetProcAddress
GetVersionExA
SetThreadLocale
GetThreadLocale
WaitForSingleObjectEx
DeleteFileA
MoveFileA
SetFileAttributesA
GetTempFileNameA
ExpandEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetLocaleInfoA
GetACP
InterlockedExchange
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
ReadFile
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetTickCount
Sleep
TerminateThread
WaitForSingleObject
CloseHandle
CreateWaitableTimerA
SetWaitableTimer
GetLocalTime
SetEvent
GlobalHandle
GlobalFree
lstrcmpA
SetLastError
GetCurrentThreadId
GlobalAlloc
GlobalLock
RaiseException
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
LoadLibraryA
MulDiv
LockResource
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceCounter

user32

GetWindowRect
SystemParametersInfoA
MapWindowPoints
SetWindowContextHelpId
GetSysColor
ClientToScreen
ScreenToClient
InvalidateRgn
RedrawWindow
SetCapture
GetWindow
ReleaseCapture
FillRect
DestroyAcceleratorTable
GetDesktopWindow
CreateAcceleratorTableA
GetWindowTextLengthA
RegisterWindowMessageA
DialogBoxIndirectParamA
GetActiveWindow
GetDlgItemTextA
SetDlgItemTextA
GetClassNameA
MapDialogRect
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
CreateDialogParamA
MessageBoxA
CreateWindowExA
GetParent
SetFocus
GetFocus
IsChild
RegisterClassExA
InvalidateRect
IsWindow
GetKeyState
CallWindowProcA
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
LoadCursorA
GetClassInfoExA
GetWindowLongA
UnionRect
PtInRect
WinHelpA
GetDC
ReleaseDC
GetDialogBaseUnits
SetWindowLongA
IsDialogMessageA
MoveWindow
ShowWindow
DefWindowProcA
DestroyWindow
SetWindowTextA
GetWindowTextA
EnableWindow
GetDlgItem
SendDlgItemMessageA
SendMessageA
EndDialog
LoadStringA
CharNextA
UnregisterClassA

gdi32

SetViewportOrgEx
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutA
GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
LPtoDP
SetMapMode
DeleteDC
CreateDCA
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
CreateFontIndirectA
SelectObject
GetTextMetricsA
GetTextExtentPointA
DeleteObject

advapi32

RegEnumKeyExA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
CloseServiceHandle
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA

ole32

OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
StringFromGUID2
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleUninitialize
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
OleSaveToStream
WriteClassStm
OleLoadFromStream
ProgIDFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
OleRegEnumVerbs

oleaut32

RegisterTypeLi
UnRegisterTypeLi
VarBstrCmp
SystemTimeToVariantTime
SafeArrayCreateVector
OleCreateFontIndirect
OleCreatePropertyFrame
DispCallFunc
VarBstrCat
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
LoadRegTypeLi
VariantChangeType
VarUI4FromStr
CreateErrorInfo
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VariantCopy
VariantClear
VariantInit
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterRunDll

Sections

.text
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/Reg.bat
dll/UnReg.bat
说明.txt

Sharing

General

Malware Config

Signatures

Files

276863cbe2451117e677e5df274ba62a

Headers

File Characteristics

Imports

msvbvm60

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 54KB

.data Size: - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 25KB

.vmp0 Size: - Virtual size: 138KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 196KB - Virtual size: 195KB

c62effff42307fc9e2ce23fdad766a5e

Headers

File Characteristics

PDB Paths

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 222KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 24KB - Virtual size: 32KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: - Virtual size: 54KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 25KB

.vmp0
Size: - Virtual size: 138KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 196KB - Virtual size: 195KB

.text
Size: 224KB - Virtual size: 222KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 24KB - Virtual size: 32KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 28KB - Virtual size: 26KB