b0a7a57de6761f8b1b4d83e197f6d818_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0a7a57de6761f8b1b4d83e197f6d818_JaffaCakes118
Size

72KB
MD5

b0a7a57de6761f8b1b4d83e197f6d818
SHA1

ce23f50799471319379f136f2a32f3b7e2878e7c
SHA256

226d7e057dda6042b56fbd989a5accf79f42c46b89872ec6b8b3f2e4c63fcac0
SHA512

67b82ee1a6b2b3897749a65c04ab1fe208928fb572af456609a5b09d9c891b15259a5b32a752efa6cf1e55c3b44bb296375f5b77eae639f5efe95335ea9533e5
SSDEEP

1536:tx0Scj7aj8xnhSN4zELg2+IVGsUHXzoYUSBEJcD:tuScj7c8FhSmI6IVrU3czSBEJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

b0a7a57de6761f8b1b4d83e197f6d818_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a883da7768b1e79c0cb7af620057effa

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:04:31:65:2e:96:26:64:83:35:97:1f:60:13:a3:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/07/2014, 00:00

Not After

29/07/2017, 23:59

Subject

CN=FortCloud Security Info Tech Co.\,Ltd.,OU=R&D dept.,O=FortCloud Security Info Tech Co.\,Ltd.,L=Xiamen,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a9:6e:cf:f0:37:b1:53:1f:ca:86:7e:17:e8:b8:e3:03:8e:d3:d5
Signer

Actual PE Digest

13:a9:6e:cf:f0:37:b1:53:1f:ca:86:7e:17:e8:b8:e3:03:8e:d3:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
WriteFile
ReadFile
OutputDebugStringA
CloseHandle
FormatMessageA
GetLastError
LocalFree
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcp90

?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A

msvcr90

__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_adjust_fdiv
_onexit
_except_handler4_common
_encode_pointer
strcmp
vsprintf_s
strlen
sprintf_s
_amsg_exit
_initterm_e
_malloc_crt
_decode_pointer
_encoded_null
_lock
free
_initterm
__CxxFrameHandler3
memset

Exports

Exports

WritePipe
WriteReadNotifyUIPipe

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a883da7768b1e79c0cb7af620057effa

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

2c:04:31:65:2e:96:26:64:83:35:97:1f:60:13:a3:46Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

13:a9:6e:cf:f0:37:b1:53:1f:ca:86:7e:17:e8:b8:e3:03:8e:d3:d5Signer

Headers

File Characteristics

Imports

kernel32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: - Virtual size: 3KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 896B

.rsrc Size: 2KB - Virtual size: 1KB

.vmp0 Size: - Virtual size: 502B

.vmp1 Size: - Virtual size: 20KB

.vmp2 Size: 62KB - Virtual size: 62KB

.reloc Size: 512B - Virtual size: 204B

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

2c:04:31:65:2e:96:26:64:83:35:97:1f:60:13:a3:46
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

13:a9:6e:cf:f0:37:b1:53:1f:ca:86:7e:17:e8:b8:e3:03:8e:d3:d5
Signer

.text
Size: - Virtual size: 3KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 896B

.rsrc
Size: 2KB - Virtual size: 1KB

.vmp0
Size: - Virtual size: 502B

.vmp1
Size: - Virtual size: 20KB

.vmp2
Size: 62KB - Virtual size: 62KB

.reloc
Size: 512B - Virtual size: 204B