0bda40b3d1fa46c7d4eafbca65d506aa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0bda40b3d1fa46c7d4eafbca65d506aa_JaffaCakes118
Size

104KB
MD5

0bda40b3d1fa46c7d4eafbca65d506aa
SHA1

23287c4f31d5733ed44e9890316201475e4bd108
SHA256

1e67ada3cbcfe02f64c40311f54b8c2693d76d79e49347285c705625c83b3a26
SHA512

1b3925369f4d7152a1bccb64584318890288c56d97b3fa5f6e6abcc67cdd45f5abb80a00103746db3347339f8f53fa4ca6214b5048b7bcab63fb3169847087a2
SSDEEP

3072:1y5u7eZQWWTggxD+kjhR+RIXvmhyypVwMdi2igEL8Im43qkP:N7Q32gRkl7e8eVwMdjy4Im43qkP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bda40b3d1fa46c7d4eafbca65d506aa_JaffaCakes118

Files

0bda40b3d1fa46c7d4eafbca65d506aa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

50675f3830822cae4908aead42358bb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
inet_ntoa
socket
inet_addr
htons
connect
send
closesocket
recv
WSCEnumProtocols
WSCGetProviderPath
WSAStartup

shlwapi

StrStrA
StrRChrA
StrStrIA
StrCmpW
StrCpyW
StrChrA

psapi

GetModuleFileNameExA

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdiplusStartup
GdipFree
GdipAlloc
GdipCloneImage

wininet

InternetConnectA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
InternetQueryOptionA
InternetSetOptionA
HttpSendRequestA
InternetReadFile

mfc42

ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord823
ord3953
ord2725
ord3259
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord1116
ord4274
ord825
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord3147

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
__CxxFrameHandler
atoi
malloc
free
wcslen
_purecall
sscanf
sprintf

kernel32

ExitThread
CreateThread
WriteProcessMemory
GetCurrentProcess
GetProcAddress
GetModuleHandleA
TerminateThread
GlobalFree
WriteFile
GlobalAlloc
LocalAlloc
SetFileAttributesA
GetSystemDirectoryA
GetLocalTime
VirtualQuery
TerminateProcess
Sleep
LocalFree
ExpandEnvironmentStringsW
lstrcpyA
lstrcatA
DeleteFileA
CreateFileA
GetFileSize
ReadFile
CloseHandle
lstrcmpA
lstrcpynA
Process32Next
Process32First
CreateToolhelp32Snapshot
DeviceIoControl
SetFilePointer
MoveFileA
WritePrivateProfileStringA
CreateProcessA
GetCommandLineA
GetCurrentProcessId
GetModuleFileNameA
OpenProcess
LoadLibraryW

user32

GetWindowDC
ScreenToClient
PostMessageA
GetCursorPos
GetWindowTextA
GetAsyncKeyState
MapVirtualKeyA
GetDesktopWindow
GetWindowThreadProcessId
keybd_event
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
GetKeyState
PeekMessageA
CharLowerA
PostThreadMessageA
GetClientRect
GetDC
ReleaseDC
CallNextHookEx
GetForegroundWindow

gdi32

GetPixel
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetDIBits

advapi32

CreateServiceA
OpenSCManagerA
StartServiceA
CloseServiceHandle
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDecrypt
OpenServiceA

Exports

Exports

Runup
WSPStartup

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50675f3830822cae4908aead42358bb9

Headers

File Characteristics

Imports

ws2_32

shlwapi

psapi

gdiplus

wininet

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 8KB

Shared Size: 4KB - Virtual size: 2KB

.vmp0 Size: 4KB - Virtual size: 3KB

.vmp1 Size: 20KB - Virtual size: 18KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 8KB

Shared
Size: 4KB - Virtual size: 2KB

.vmp0
Size: 4KB - Virtual size: 3KB

.vmp1
Size: 20KB - Virtual size: 18KB

.reloc
Size: 4KB - Virtual size: 2KB