0b5587aa9e8fa0f848738b6420b3a359_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b5587aa9e8fa0f848738b6420b3a359_JaffaCakes118
Size

10.1MB
MD5

0b5587aa9e8fa0f848738b6420b3a359
SHA1

cbadab4c8952fda4faf25e4b3bf08eae863948e5
SHA256

51508fd559604abb5b3f9892f5dff8fb9cebd3492efe3e89632695602ec907d2
SHA512

26de2642b66f02a08f3af3239550f5c406e71d8b713a7228f377fc5f33b6d83ceba7098c680e6eb6d0d208c2dc78555da3f4632ce9ce7be7d821b1b3b67f082d
SSDEEP

3072:PIIXpVAA/kwFyrbUTq/5cdBbtsUnro/Ib248n71ZJ:PIIxFuYTEmdBbtsMroAbQ71ZJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b5587aa9e8fa0f848738b6420b3a359_JaffaCakes118

Files

0b5587aa9e8fa0f848738b6420b3a359_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c5458de5a8bda1effdb49752bee4ae42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_XcptFilter
_exit
_cexit
__getmainargs
memcpy
_ismbblead
sprintf
_strcmpi
strcmp
strtok
strlen
strstr
memset
malloc
strcpy
strcat
atoi
free

urlmon

URLDownloadToFileA

wininet

InternetGetCookieExA

kernel32

SetUnhandledExceptionFilter
CreateFileA
GetVersionExA
WritePrivateProfileStringA
DeleteFileA
GetTempPathA
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
WinExec
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileStringA
FindResourceA
LoadResource
SizeofResource
LocalAlloc
LocalFree
WideCharToMultiByte
GetTempFileNameA
GetModuleFileNameA
CopyFileA
WriteFile

user32

TranslateMessage
PeekMessageA
DispatchMessageA
GetDesktopWindow

advapi32

RegQueryValueExA
RegDeleteKeyA
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegEnumKeyA

shell32

SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5458de5a8bda1effdb49752bee4ae42

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

urlmon

wininet

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 10.0MB - Virtual size: 10.0MB

.vmp0 Size: 12KB - Virtual size: 12KB

.vmp1 Size: 73KB - Virtual size: 72KB

.reloc Size: 1024B - Virtual size: 896B

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 10.0MB - Virtual size: 10.0MB

.vmp0
Size: 12KB - Virtual size: 12KB

.vmp1
Size: 73KB - Virtual size: 72KB

.reloc
Size: 1024B - Virtual size: 896B