0c3a4f5d6bec73a9a6d14f8a8a49d13f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c3a4f5d6bec73a9a6d14f8a8a49d13f_JaffaCakes118
Size

3.1MB
MD5

0c3a4f5d6bec73a9a6d14f8a8a49d13f
SHA1

79f6d8a700e4361398278e48068d99748523aa7e
SHA256

255fcf88c6de1a9f36e641b948a7e36bb27da66afc07b8f4b3c610b451c4670b
SHA512

59c44b98fcf24baff79172b8b8a3b083ab3645f7d58daa9c6edcac4627cae12fc05ddffed999220331419925ec473c8c4bcfcdddc8e689cc79fd2e7b0b1521a6
SSDEEP

24576:fgOmdsqGqm/j03EjCuPZefXmhkJ5fgLiOwJruMwO:ILHGcELef2+joiYMJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c3a4f5d6bec73a9a6d14f8a8a49d13f_JaffaCakes118

Files

0c3a4f5d6bec73a9a6d14f8a8a49d13f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

547eefed5e8b9501bc64b9fdeeac9110

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACancelBlockingCall

user32

SetTimer

kernel32

TlsGetValue
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

Exports

Exports

ComInit1
ComInit2
ComInit3
ComInit4
ComInit5
ComInit6
ComInit7
ComInit8
ComInit9
ComInitA
ComInitB
ComInitC
ͳ��G�c�k��c�sx��"!ݪ+laսla��R+#L֒��p�(��ӓzP�1��%M�c�zd�A�5)]��6G�q��eqQNV� ��eDt@+7�]~U�;eM�o��y��)$��p�{�k�%l� I.��q��;�S�l_� ��4��oq�/�1�5�"��8,�~�̆��A�UH*�Mq��i.��rMϻ ��alb��#碱�3Λ�C9<ʳ'ϵG�[{��$�r��ǚ�L��fx&}�>�{�m��it�gIάP&3j�|\@��%��}h�@��"�&t��hl!�?��x��*�P��5�_�/M1@h��T�W�sƚ�6E�$��3��Jy"��ѧ1�<#�q3(��-�y�gW@n|(z��SsIx�y�dw��s��H�[�x�(ߦ|m�ֆ��h\>V��|`�4z դ��,'�ƷX��>H\l�v)V�!-�O��$�Т*��#~:� �w��ǧˊ��l{��f��,�� 6g�g ��S�Bql�� m�?�z�K�f۴W�@�M�ҫ]ၼ��I�:%1+�˘��X+&��c��(�4�Tҕ�:��B�w��2W�i��s��$�x{��o�o�jM��6�?��u�&!��V*�RQe�]i�B�?)�� j")�KuP��Ău�y�r��lZ��9��"K�l��Jz]��\a��&1��;p��u�1��I=k��4��k��DI��J��p4�V+�+C�vx�� 5��¸��[�K��T��]N�v�,ݾE55_s�˛D�P6��18o*p�]g��8>s�h�om�p�^��"��$Xs�FaՄ�$��{�r�q�4K��]bNL ��n3ܭ�uK��L8ā�.��A��E�z�0��g؍�[t�`��ۑ��A<��<c�) Iv��H�r�q,��1B!m�.%-��al��[�1��Y?��d�I��pm~%�S�-�Ct^~ ^�;�Q�Ԇ�Θr퐏�Ty��l��!2n�Px��ք��l��д�*Z��1�w� #��@�d^O�_Y�vX��EW��4!��,�V��T��$j��:̎�Q��ˠ��Ⱥ;3p��4c1�;L��P�x��m��+��W߷��)��K��S��z�}=�ޛ�EFumb�9Fup�Z|&�+�E�vvo�A�OC��Τ�d��.:񋮺��S�\�]�TR��(,�rj��0a�%��z%��#�xRkj�<��!��5'��k35��ori`��.�u��Ìߟ�S�,h�t��-(�\/��7�Y>��$��.��&��Ք�͔6��'s��B�J�h&;��H��u�UH�tT�UY.��ī�7�VfRb��q��-b��\l]�RMQJS��e�l�#w�R� � ��T�� +�^:?t��k�H%�_��=Â��D�zas�6P6k��H;�e�l��0�v��Y:��m��I��l��4G��#@�M�Ch��3��V��Ysz5�$z�U��KH��t�q�&�`'qY�ʌ��W|6��E/��#$UQ�{�j�H%�F�sA;Z��*�;� <"x��"y��|��5��udf�M2"�:|��x?�(�T��`9W;#��y[�l�B�z��c�ZPR�B�~��] Z�?P|��۝ynr�{��u5c��a�R�~�nrUJ��0l�\�W��T��M��2��3~=�\!KF_ɨ��Q��q��P��k��w'i@��^�H��kN��n��Z&j��p�i��Dm�%��p��Ep-u�E��K~Gtq��Db�.h�]�OK��YC�*�"�r��n��υ��F��d��8��ʘ�~̹��!]�)��o-�`�?Q\aeO)V4��u�19:�2��S9��\�w��A�l *�D��}N��o0��.��Q��$��3/�~��7��!��zְ�*��)��8�,c&ڝs��6k]�@��\��f|��¢w�@{��b�U��*:62�gJ�k�.�!�x�vi('�P��$��>]a/"�Y-��J�}��̻�Z�,-�ɲ�K%�� R�nō�%�P"FKr�\�6>[��:�<3��3k��D��`��%s{N��r��S$ښ��8�� /�&��"�L5�/.��%X#�5�)�{zB��Kڳ� ��v�Dw��aS�׹�X$81��vUd�V{4�� J�ܰ7��BŸ��1�*�礛�̴�`��8��M|͒�ku�RFخ�J��Le��4�n'| �l_T6#BbG�n�8�L�uΎ�/��$gڕ��Wq�� >�/��bZ��G%9�֭0��#��d��Rx7��pu�]#M�~{bP�U+��PZ�s�b��MB��7D��),3�7 ��si��"�F��|�a��E5ۤ��`��<v�`��A:��t��R�О�9\E��7�$��\��\"sU��L��RN��bO�~��V/O0-��GH�$��l��خ��QہAE�,5Κk��Waì0�H�9�r��3��j�J�t��Qt��6��:� ��O�176�w��~��d�||O�w�6�GHw"�v�/F�lLb�@�9��ϗ��c��"QNM{1G��c��[m �N1�2��U}<�k��t��eH�0]F��5�� d0�thov�� O�`@�(�p�SO��U��;�ۼ��a � ��c!�M��J�#�w��Dȑ�ޅ�{(�� 0�g.(��G�4J�ӍX`S�s}�}'�A6�] C�̿�T��\zx 3�� a�}Y, g�$FZ��ܒjEG,��V�[��ǂlO��P��a��1�2m�9��ϗ,\��

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 840KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

547eefed5e8b9501bc64b9fdeeac9110

Headers

File Characteristics

Imports

ws2_32

user32

kernel32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 12KB - Virtual size: 51KB

Shared Size: 4KB - Virtual size: 512B

.vmp0 Size: 32KB - Virtual size: 29KB

.vmp1 Size: 840KB - Virtual size: 839KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 60KB - Virtual size: 57KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 12KB - Virtual size: 51KB

Shared
Size: 4KB - Virtual size: 512B

.vmp0
Size: 32KB - Virtual size: 29KB

.vmp1
Size: 840KB - Virtual size: 839KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 60KB - Virtual size: 57KB

.reloc
Size: 20KB - Virtual size: 18KB