b05becb05b017fbfe00b619cf0afeed2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b05becb05b017fbfe00b619cf0afeed2_JaffaCakes118
Size

158KB
MD5

b05becb05b017fbfe00b619cf0afeed2
SHA1

d5fe709240a68aa737ad4948cb91bb82a0b17e55
SHA256

488fe5a0868bc0fceb35b4db513b98fcf411407d0271c98d30fb53681e8bce59
SHA512

ccd845facf25c09f8046d7355bc4039c2d1c6dcbd432e0605c56743edf9779a6a4076fdae8db1c9eb9ab82fbadf2d1b2a22e35db8b2fccf47e6ee476f5ad3d1e
SSDEEP

3072:8rWWHbM4cwiAQVoH7+P1ieWoCXomg/8nJm+Knt2jarywM1W:AWcbMabLQ1ieEXQ/8JJKnt2ubM1W

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b05becb05b017fbfe00b619cf0afeed2_JaffaCakes118

Files

b05becb05b017fbfe00b619cf0afeed2_JaffaCakes118
.dll windows:6 windows x86 arch:x86

ad90cc5f95a5505d62a663edfb063bdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ScreenToClient

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

wininet

InternetCloseHandle

d3dx9_43

D3DXMatrixMultiply

iphlpapi

GetAdaptersInfo

vcruntime140

memchr

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise

api-ms-win-crt-heap-l1-1-0

free

Sections

.text
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad90cc5f95a5505d62a663edfb063bdc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

wininet

d3dx9_43

iphlpapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: - Virtual size: 47KB

.rdata Size: - Virtual size: 24KB

.data Size: - Virtual size: 14KB

.vmp0 Size: - Virtual size: 79KB

.vmp1 Size: 156KB - Virtual size: 155KB

.reloc Size: 512B - Virtual size: 164B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 47KB

.rdata
Size: - Virtual size: 24KB

.data
Size: - Virtual size: 14KB

.vmp0
Size: - Virtual size: 79KB

.vmp1
Size: 156KB - Virtual size: 155KB

.reloc
Size: 512B - Virtual size: 164B

.rsrc
Size: 512B - Virtual size: 469B