a9ecf995827eca7cd28914a3fe63ed40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9ecf995827eca7cd28914a3fe63ed40_JaffaCakes118
Size

6.3MB
MD5

a9ecf995827eca7cd28914a3fe63ed40
SHA1

55d15ce5b7f00f7e51c705730e99c947f1cda7a8
SHA256

fec11ba356208e1df0912d93483a9dd30fde03c92d4d776dfe41e77edb005a75
SHA512

6ff13bd6e39df51c7ccbc9d868fd72c6231ff6c1a2a3bee14bd18bc110fef0916f69783e4135dfdf5ec793cf170a672bfa19ef235957c4e782e825bc0b7b1654
SSDEEP

98304:euMCTm7+qVHnwn4izFx3luG321RXC3EO4a0AykPHfVtIbnSpQi3SrnvP2/:3BTPqVTM3UemRXCUOlj5Hf4i3Srvg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9ecf995827eca7cd28914a3fe63ed40_JaffaCakes118

Files

a9ecf995827eca7cd28914a3fe63ed40_JaffaCakes118
.exe windows:6 windows x86 arch:x86

e01fe5f15a049699601b0148a4c425cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shell32

ShellExecuteA

msvcp140

?id@?$ctype@D@std@@2V0locale@2@A

wininet

InternetReadFile

vcruntime140

__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode

wtsapi32

WTSSendMessageW

Exports

Exports

`�bO��O��#��&=j�;8 ��>�G?� p%�i!�� < �7�4��U��(j�YՓ]ř�F�:��[��K�Y�jX��`\� �NC5��jh�7=}�lK�iE/;`L��!2�%�Y��W� i�^�l�֯��uҲ��JI �Ȉ=Jɟ}w�WvrQ�֊y��(�F�~�XE��,�i��+Y� �Ѝ� ��/e�̧��!�MGA��Sr�kR�n9Y|��s>��V$4��M�`ۓ4Kg��f��-�٨�,�f�,E�ˇ{0��=qX�␞4�]�sH��`%��ՏD��C��Ua^�68&I�(�2ڄ��H5&s��q� ��W�~��ͦ�@��#*�\19٩��:ܫ��f�.@r~�n�տu��돰CM7"b�bY��v�]�O��Ω��d�HR��Tg�U�f�%h��<C�מ�WR�ڗGj��t��\�c&j�3T<Bj��b1��GX��˺u'J�4��R��F!��x#Lzǘ��_䳞��e�ٳ ��0"�m!(��{�0��Zb[�f<��oeN�ɒ��'�8BX�LB2��2}�ž��c��9�w��YF;�N��1� �ͳu� -P@鳳�/2��Z9a�BaIwYK�CK��<Y��{�K�ckV�r$,��k��s�֣ٛm8|��R:W��۴0� ��[%ϓ��M6(d(��*d+�A��R��G_�L� ΚZ~N3��v/;�bm��?v߰%3��z�U}��/3��|�D�N��=��H��6��٣i�+`|�ߤy��)��{�|2s�():�pH6وT�?��A��\e Gb�C�u��WP��M�X��d��K�=�N��M��2��zS��j�za�7�D7��;<�=�y�:�V�C��|�8i�4rVC�V�/��?��R�Jn��x�@B[I��}7N��`��4A׉�O#x�H��0��^ӕ~6g��|��+�az��ЯxV��Js�U$��MN[��l};X�e�V��6�i��R��僅��'�7��W�k$Ul5��l��>��fK �zN�f{k�A��(�&��p N{�<o�&@b4�_�6)�0P��V��AdA�P�w~�k)��^si"Bu�!k��<�xS�m6P��B�dA�*�w�=��"�:��I�ƍlE��Ű��M��Q"��i�㷖Ś[�z��v}��B!�zHi�s�ZT#J�<�H5Z<��}�p��O�EJg5�� j2o�2n]'��~�9��ȥ��f��fZEx��}ɼՃ_��.v)�#�?&΀�t�|��r��QϤaAPw#��YVL{�~X�g貦b t��6t7��ƛo.a~/B��z�˽�{U��_@�v�~��nn��L��/� ��x�*K�Zt��u��:��o6�9��9�j�ӯ��9O2��lX4b��k ��pt�Q�{�f`�~y��B��?��|�i�0��Y��U��%(�ԩ@'��N𩪵��>��^m>�K^�r^,��M��恣}W"��D8()F��!��U��݀OA�{��#�0�.\��)�� g�4HA��؟!�UjXiB�2��,P��!�?�%* �kޚjf*�́Iyf$��Ux a�¢�)��o��6��3(Q�U^��]�涠�o�ٳ��Y�A�`��'o�1p�}4o�X�̭o�8*�m��]ˍ��0�P��aL(;ޯW��G�� ,N2Կ�̲�$�䉯$V��Cq��2�r"��{�8�)��ƈU㛾X��׈ E)�T��[��>*cþ�xNQ6��V��ksp�|AQ*�D��}�E;TE��ܥ$��{X�Lĝ��ĭ�`�v�k��N�Ӑ ��+[w�sS,:K�&U�v@�9�\�B��r��C�3Wl��~�ODG��tW�Y �59�d��ٸPj@Xn5md�#,z�d^�1�_U��|�`/(�_��ȃ<��N�X��f+�R��e��/H!�!$��"��=��#��Ru��̘�B<T��?�\�(_ַ��)��pP+XStUF�vȔ�m)��8�`�:x��2��.��K�L4��nM��m誥9x�^�eS�w�,:0�=V�Q��5ِ��gF&Bz�|�&�� n�6��iY��l7Ԩ܃ �"�2bBL�l:��' 1X#P�7��z�$��d[�b�x/��F,s��0#~�,M�b(��Ņ9u'B��VR��A[N��Dd ��b��-��QU#~T��Y�Ik%E��^^y��z�W](}*��Po�KGw�.�m��p�H�"�.%�� ز�D��͡��:a��_Y�A"�9V3��J�s[�k�p-�f�?C�JRM{+�4��npE�v��}tպR�N(w�s6�e� �n�1�� f, :ܺ��j��Bي�l;_��*�<�/��ݖ@5��WE+qq��a��:ΑJ[��4N}�D8�3l��DL0Eh��]pv��ʚ�mQ��;�4j��oX��2��J��a��:�ɩ��@��AFF~;`��K��y��T6.bE�dr�Q$d%vN�E�wQc�_��-��K��1�悢 ��}IL�m�σ��G��y�2��ɸ�S*�Hy\�s��C~;�z^�%��'�.��I�Ѡ�l�b��ِ_��`�5Ñ']�S�u�-��zY�s��;E��\*�+��nQ"P��S�iE��1�c�Χ�.>=�5�[2�:K��k^�M�j$A�>kś�W��hϩ'"U�J�@XCx��2�A�,2Δ��]BL�r9sR-dz�;��QH��.I��v��

Sections

.text
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e01fe5f15a049699601b0148a4c425cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 14KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 1.8MB

.vmp0 Size: - Virtual size: 2.8MB

.vmp1 Size: 6.3MB - Virtual size: 6.3MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 14KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 1.8MB

.vmp0
Size: - Virtual size: 2.8MB

.vmp1
Size: 6.3MB - Virtual size: 6.3MB

.rsrc
Size: 512B - Virtual size: 480B