0f2a6242693882541b11c21e6e930fc3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0f2a6242693882541b11c21e6e930fc3_JaffaCakes118
Size

41KB
MD5

0f2a6242693882541b11c21e6e930fc3
SHA1

8d6fa79976edbea5123c23bd9c8a391f16f18628
SHA256

11df2be416edc8b269f41c9f343fa7d9c5f5342900438a39636a90a8a0317544
SHA512

aa1fe4ef6f2af186c015ab07fb576ae72c2d34113518d94a5065cd2ef13a60e6f2c8d4645a2bfc0b67c7943b72aefe4af48f1b76ee1660c571950910c2ecf542
SSDEEP

768:/zorFpx/4+0MCjwhGuo0DQch+KAP/fUyaHL7ydlgPFQtp5E56PpZUSRSYtTFa:bo7gjwhGDU+Ke09LudAQX5E56PpZUSRw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f2a6242693882541b11c21e6e930fc3_JaffaCakes118

Files

0f2a6242693882541b11c21e6e930fc3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bc62f107344e036d456b22ad09760747

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CreateThread
DisableThreadLibraryCalls
DuplicateHandle
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentThread
GetModuleHandleA
GetThreadContext
ResumeThread
SetThreadPriority
Sleep
SuspendThread
TerminateThread
VirtualProtect
VirtualProtect
GetModuleFileNameA
ExitProcess

msvcrt

_close
_open
_write
__dllonexit
_errno
_iob
abort
fflush
fprintf
free
malloc
memmove
memset
perror

user32

GetAsyncKeyState
MessageBeep
MessageBoxA
MessageBoxA

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 272B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc62f107344e036d456b22ad09760747

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: - Virtual size: 5KB

.data Size: - Virtual size: 128B

.rdata Size: - Virtual size: 528B

.bss Size: - Virtual size: 272B

.idata Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 428B

.vmp1 Size: - Virtual size: 15KB

.vmp2 Size: 39KB - Virtual size: 39KB

.reloc Size: 512B - Virtual size: 96B

.text
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 128B

.rdata
Size: - Virtual size: 528B

.bss
Size: - Virtual size: 272B

.idata
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 428B

.vmp1
Size: - Virtual size: 15KB

.vmp2
Size: 39KB - Virtual size: 39KB

.reloc
Size: 512B - Virtual size: 96B