0487e1c72a7239ce524ec09681b2780b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0487e1c72a7239ce524ec09681b2780b_JaffaCakes118
Size

168KB
MD5

0487e1c72a7239ce524ec09681b2780b
SHA1

2a87f0f0aee91ac12480ce120dd4b550db172171
SHA256

c5759f03bd288194c4f98d708512a4ba0cf68661e04f493fec88278cefbf37fa
SHA512

9f20e6d1f15c6510bc67d9e48e7ce57e535bdcf9211f38a281fb3fc939bcc1eb5bf5680c37823e3c29e3fe06cf79675ecaaa2b0fd1e005dff244933e66387952
SSDEEP

1536:T5CXM0NyptBC8jHgabKgM5k5SrpTWLusN2E5Whpa9dQdPyn8qPzydrll5n5Bycdj:UNCBXLZKgM5kErsN79sqrydZl5n5L

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0487e1c72a7239ce524ec09681b2780b_JaffaCakes118

Files

0487e1c72a7239ce524ec09681b2780b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fbd5c80be0d07170ec1e7e7d40e1c8a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Works\KernelBots_Up13_IceKer\Shell\Release\Shell.pdb

Imports

ws2_32

gethostname
inet_ntoa
WSACleanup
setsockopt
htonl
sendto
WSAStartup
send
closesocket
select
connect
htons
socket
inet_addr
gethostbyname

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile

kernel32

HeapAlloc
VirtualProtect
HeapFree
Sleep
lstrlenW
CreateThread
lstrcpyW
WideCharToMultiByte
GetTickCount
GetVersionExW
InterlockedExchange
GetACP
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
lstrcatW
GetProcAddress
GetModuleHandleW
GlobalFree
GlobalAlloc
CreateFileW
GetModuleFileNameW
GetModuleFileNameA
GetSystemDirectoryW
CloseHandle
GetLastError
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreateProcessW
CopyFileW
DeleteFileW
GetCurrentProcess
GetPrivateProfileStringW
GetExitCodeThread
WaitForSingleObject
VirtualFree
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
TerminateProcess
GetCurrentThreadId
SetFilePointer
ReadFile
DuplicateHandle
ExitProcess
RtlUnwind
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
VirtualQuery
HeapDestroy
HeapCreate
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
FlushFileBuffers
GetSystemInfo
SetEndOfFile

user32

PostQuitMessage
DefWindowProcW
TranslateMessage
DispatchMessageW
GetMessageW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
wsprintfW
SetWindowLongW
GetClientRect
GetWindowLongW

advapi32

ControlService
CloseServiceHandle
OpenServiceW
RegCloseKey
CreateServiceW
RegOpenKeyExW
ChangeServiceConfigW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegSetValueExW
OpenSCManagerW

ole32

CoGetClassObject
OleSetContainedObject
OleInitialize

oleaut32

VariantClear
SysAllocString
VariantInit

Exports

Exports

DestoryAntiVirus
GetDllModuleControl
StartShellPROC
StartShell_APROC
StartShell_BPROC
StartShell_CPROC
StartShell_DPROC

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shell__
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4KB - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbd5c80be0d07170ec1e7e7d40e1c8a9

Headers

File Characteristics

PDB Paths

Imports

ws2_32

wininet

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 44KB - Virtual size: 91KB

.Shell__ Size: 4KB - Virtual size: 520B

.vmp0 Size: 12KB - Virtual size: 10KB

.vmp1 Size: 4KB - Virtual size: 644B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 44KB - Virtual size: 91KB

.Shell__
Size: 4KB - Virtual size: 520B

.vmp0
Size: 12KB - Virtual size: 10KB

.vmp1
Size: 4KB - Virtual size: 644B

.reloc
Size: 8KB - Virtual size: 6KB