14c6901137536cac108a5d9c53bd14e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14c6901137536cac108a5d9c53bd14e7_JaffaCakes118
Size

135KB
MD5

14c6901137536cac108a5d9c53bd14e7
SHA1

50c96dc25243aedaf6816195a202f934a6f38095
SHA256

2abafa485d33e594684cad82412e677d4689bf526983a1aa4c831271e9f79d7f
SHA512

25fc2b92b0f0c9f55321bedd2efc840f5ce75adcd707f31fdeb4e7001d7c2d0fb71f3f94243e721df918698be09b709b6265d598e70a0d68e6e87f65097c362b
SSDEEP

3072:s2KABTHdx/yZxGO4YsT6AddwNvVc6HhC3wT66vlmWywVjmh:szA59xSGsbAz09c6Hk3wT66vlmWyj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14c6901137536cac108a5d9c53bd14e7_JaffaCakes118

Files

14c6901137536cac108a5d9c53bd14e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

66927e5fc353897d19fdf3f428d8e551

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateProcessA
CreateRemoteThread
CreateThread
DeleteFileA
DeviceIoControl
DuplicateHandle
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileAttributesA
GetFileSize
GetFileTime
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDefaultLCID
GetSystemDirectoryA
GetSystemInfo
GetTickCount
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapFree
InterlockedIncrement
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MoveFileA
OpenProcess
ReadFile
ReadProcessMemory
ReleaseMutex
RemoveDirectoryA
SetFileAttributesA
SetFilePointer
SetFileTime
SetLastError
SetUnhandledExceptionFilter
Sleep
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WriteFile
WriteProcessMemory
LoadLibraryA
VirtualProtect
GetModuleFileNameA

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2A
ChangeServiceConfigA
ClearEventLogA
CloseEventLog
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
EnumServicesStatusA
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetUserNameA
LockServiceDatabase
LookupAccountNameA
LookupAccountSidA
LookupPrivilegeValueA
OpenEventLogA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceConfig2A
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegConnectRegistryA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA
UnlockServiceDatabase

iphlpapi

GetAdaptersInfo
GetTcpTable
SetTcpEntry

msvcrt

__getmainargs
__p__environ
__set_app_type
_assert
_cexit
_fileno
_fmode
_fpreset
_iob
_setmode
_stricmp
abort
atexit
atoi
calloc
exit
fflush
free
gets
malloc
mbstowcs
memcpy
memset
printf
rand
signal
sprintf
srand
strcat
strcmp
strcpy
strcspn
strlen
strncpy
strrchr
time
_stricmp
_strnicmp
_wcsicmp
_write

netapi32

NetApiBufferFree
NetUserEnum

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA
GetModuleFileNameExA

user32

ExitWindowsEx
wsprintfA
MessageBoxA

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetFilePointer

wsock32

WSACleanup
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
htonl
htons
inet_addr
inet_ntoa
listen
ntohl
ntohs
recv
select
send
setsockopt
socket

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66927e5fc353897d19fdf3f428d8e551

Headers

File Characteristics

Imports

kernel32

advapi32

iphlpapi

msvcrt

netapi32

psapi

user32

wininet

wsock32

Sections

.text Size: 105KB - Virtual size: 104KB

.data Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 46KB

.idata Size: 6KB - Virtual size: 6KB

.vmp0 Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 524B

.vmp1 Size: 16KB - Virtual size: 16KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 105KB - Virtual size: 104KB

.data
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 46KB

.idata
Size: 6KB - Virtual size: 6KB

.vmp0
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 524B

.vmp1
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1KB - Virtual size: 1KB