b1db4009145048bd37cebdac139d1469_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b1db4009145048bd37cebdac139d1469_JaffaCakes118
Size

2.0MB
MD5

b1db4009145048bd37cebdac139d1469
SHA1

1c728741cabd54265e755212351d1ddc3d27861d
SHA256

030e95c97f9a0285e0cad6d8a4dd1f5a4b29f84855391dff46f95a4c30d59261
SHA512

8a94df2ace5be93b78b2de397ccdaa6c596f59b529a47f17c22953b9494497c63c21556f38b2c8424c88e9ad62255a06afb0ff5a95eee39fcc1456a3af407257
SSDEEP

49152:cOJP61j36DPCH78Ur6UKVDFt6I72qwpxAZq4DgDxl7izXt:Bw3d4Ur6UQFv9ZqygDk

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/1602/TheWalkingDead_SurvivalInstinct_+5_AOBeta.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1602/TheWalkingDead_SurvivalInstinct_+5_AOBeta.exe

Files

b1db4009145048bd37cebdac139d1469_JaffaCakes118
.rar
1602/AOBeta_Info.txt
1602/Club-3t.ru клуб единомышленников.url
1602/TheWalkingDead_SurvivalInstinct_+5_AOBeta.exe
.exe windows:4 windows x86 arch:x86

0c233bcc14f2603a8a4962d322701994

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_adj_fdiv_m16i

kernel32

SizeofResource
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

winmm

waveOutClose

user32

MessageBoxA

Exports

Exports

�|��:֬�?a�g��7�)��^��f׵��C��k��Q��`��[d��A��`��*vɗΝu��}�Tr5I��6=�@�B`��|Xsm(l� P��_�q�V��{ľ��6��9(%�^*7 �rf��y0F��W?m,W�7��ô�>��E�=� UN��s�a��|ɘs�D�P :�Lͳb��)�5G��'��p)�(F)K��'�-v��C�#�=�� (��o�E�9΢�Z�=�G_X.�W�i�A�s�sbC5S,�Q�@��|�C��H��J�I�h��ܱ��e�r��P.��BȮ�=wnVx�}rm�3��_PI�� D�G��B`�LƑ�E�u��SX�Y`��eU�i'�<��3Ȇ��~��O:Ͻi��X��ß (��}BQm@�o� ��~��x/��x��'��g ��*�'�`S�{��f%:�QL݂��Ҁ��p�,W6�դș�ٷX�1�8��#�d��&�+.�,TYc ��'%�<��g�M]�`&�8Emߟ��c_A7K"�e�(V��h��ӥ{: �?� I��\w��bxsmI��3�*M,c( t��*��ʮ��'��N�Y_iM�H��Un��V� �C�ج�D��^C�a�f�-�k��B�]>�� L�Gp pM�5�n!X�B�n^�i��;�;�u ��G�~m�>��L�g�8k��G�=�Z=��{��jq��Q��$O��p��Ϊ�|,"-ͺ�p=��y�_I ��7��f�=?HXZ��DNg��HU�,��-�o_��$�)��Ҧ��:�_%i�T�2��/��@�S��9��NNϥ�:�X��mm��0jzD^:/S�l��T�p�C�Z��ȑ/��v�B"Υ`�q��ao=r�r>F&q�2��$��`%��GW{Z��A�x)�m�AK�QM��Lv;��7@-,��7,G&q�� -χo�)��D��D��o��︴�?�tC��y�]F�x\��×XB��}��XR-��3v��`�5�W�{�*U�jD'�}4ry��p�ިÐy�u<�P<)��I&��A=��-��\��N;]'�c7�YO��m��l��+��*:1� �� ضh机�բb�1׶ɺ��Ź�ԍZ��#'��c �ϱ��!1h��^�`�W�+�K�1�O��B�6��(@��zi��f;�m[��ɤ^��8��$��찶�*��s�B��c4:|,�K�x��vh8b��~�g%��$~6#�W��R�*!�gz!��lI?��,��:cP d��ȉؚr=��d�� 8��b��9�K�� N��N��f�2�J�ʍ��~��(�_�e.��K+FAr��<�V�=]� \��nGߩ��2�K䆧9�E>��כ�fJl��Y�$X��r��賗^��\�𘙃PD��.����tcS�6�(�u�࣫[;S:;�v��u��%G�e��3Z;��E� ��x�8�m;ڇ�d��;��r�D;�P�{�M;Ѩ��o�� ;��ж�\��H��{vVĝx�5uhk/��H<0��}|��VzK��i%5�`�xEś��I9 ��%�;�t�I�KiB~V�5��N�W޻;1�$87�;%%�יh��- s��*�9Ǿ|%��qn��eD�$��b�+��ͫ��x�yq�|��Nqא��w�?:�� Y��2΍*��w��Tt�Ą8a��o>L�0|��H#�;-1G �e��lt�Gp�w̓9�P{� �/�4DP�6��Ux�+�K\�p˝�ݍ��6��>Y,Ѳd�{�ۺ�k�i$�GjQ[}9��a��E�#N͞�]V6j{Ͽ��4Nߧ�Q�ܷ}v��6�x� 8p��~\Z�@��B'��p�Rb��BPq��xW��@yIO�!��o�2W1<9[߻U1�� /i�a�ű�Z��v�w��<&`S|!��5[��*) �!>-W�� d\w�Y�~��R��>�׃��Y��wb5��U��Kh�r�b>|>D��Ɠ��[?��<3I��I1A ��j�1?��Iw��{��i [��S5��A��@��aҤ��Ղz��b��C�2Lh�#�EL��B�%5��bUՊ.�ᶿ�5 ��`)0糧�I�C�ֶ�l��,a��m_`��oe�c�4�x��<�D��[d��1}��U��Z0��,l=��v#�N��V��֨��k�y��V*}�;�.��_"��w'D��/#:��}}�hѮ��:�M�I��=�ᘞxK�V,f'��Y�NJm�KY�|"�lw/�A��Y��fS�R��*M�� h�񈇚Մ4�t��{��.��rՏ\��g��;9f��tD:X6n�Ȋ��ۦ��`e��l �'-��S�B��$��<�J�~��K�]m*vW�O��C#D|T"\v�o��'�ik�0⣝�{�`��s@3��*��j2��ϔ��>\Q��`YQ(��m��r��a��A�Sq�x��=?� �� :]�z�h?�L��8m5"�C��Q��a��B�k��+�^��#�aVM :��~zԱ�U��}�>�41��r��VZ�.��ޫ'XMm��.�oɑfZ��7��UY��' ��t��2��\3��?�U�p��-��Ʋ��r|3�`�jγ/6�^_�]:��X�2�$3l��\K�*�|��;t��L��p6��\�s�� }��5��/��$��~��d��䈊��(}5�vܜ#�,�[��S^��33��1RV��S^��آ�#�*�l�AX��-��X�Ș��3��J@��3��4�Bg� �5:��|W?��<�$�L�;

Sections

.text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c233bcc14f2603a8a4962d322701994

Headers

File Characteristics

Imports

msvbvm60

kernel32

winmm

user32

Exports

Exports

Sections

.text Size: - Virtual size: 1.7MB

.data Size: - Virtual size: 80KB

.rsrc Size: 27KB - Virtual size: 1.2MB

.vmp0 Size: - Virtual size: 1.1MB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 1.9MB - Virtual size: 1.9MB

.text
Size: - Virtual size: 1.7MB

.data
Size: - Virtual size: 80KB

.rsrc
Size: 27KB - Virtual size: 1.2MB

.vmp0
Size: - Virtual size: 1.1MB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 1.9MB - Virtual size: 1.9MB