0cf45f89617d95c8a744ed4637523d67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0cf45f89617d95c8a744ed4637523d67_JaffaCakes118
Size

407KB
MD5

0cf45f89617d95c8a744ed4637523d67
SHA1

36fbff52aae759a9dd4b84af415b30cd44597527
SHA256

d1c6e2e03112c9cc6a2fe66f1e36e3d7ae510f2f552bdf4312b832b73beea69b
SHA512

b8aecdf3b02a9db485cf31224731dbb45979ef80e8c40e27195504eefc38ed79db424eed7947dee851bc465740f18f9cf5da268802c59ff091f92158a05a5ff1
SSDEEP

12288:V337Rf3NOFO0psXNhGftKqKG3T/DExT4OO:Vn7RfdOhKNhGftKbCTbERO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

0cf45f89617d95c8a744ed4637523d67_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa7392f9e519df235bc14865b78cce4f

Code Sign

73:ca:96:9b:2e:86:71:63:b2:f1:c7:e0:48:ce:23:8e
Certificate

Issuer

CN=Microsoft Corporation

Not Before

19/11/2010, 08:37

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:d9:cf:a1:2b:43:09:6d:3e:bd:d6:f7:39:19:78:16:26:79:d9:9c
Signer

Actual PE Digest

70:d9:cf:a1:2b:43:09:6d:3e:bd:d6:f7:39:19:78:16:26:79:d9:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowRect
MessageBoxA

advapi32

RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoUninitialize

oleaut32

SysAllocString

htmlayout

HTMLayoutGetParentElement

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aa7392f9e519df235bc14865b78cce4f

Code Sign

73:ca:96:9b:2e:86:71:63:b2:f1:c7:e0:48:ce:23:8eCertificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

70:d9:cf:a1:2b:43:09:6d:3e:bd:d6:f7:39:19:78:16:26:79:d9:9cSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

htmlayout

iphlpapi

wininet

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 6KB

.vmp0 Size: 108KB - Virtual size: 105KB

.vmp1 Size: 64KB - Virtual size: 60KB

73:ca:96:9b:2e:86:71:63:b2:f1:c7:e0:48:ce:23:8e
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

70:d9:cf:a1:2b:43:09:6d:3e:bd:d6:f7:39:19:78:16:26:79:d9:9c
Signer

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 6KB

.vmp0
Size: 108KB - Virtual size: 105KB

.vmp1
Size: 64KB - Virtual size: 60KB