1c8350547ff6adcd3c47939f93c37208_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1c8350547ff6adcd3c47939f93c37208_JaffaCakes118
Size

263KB
MD5

1c8350547ff6adcd3c47939f93c37208
SHA1

2e50df3b36898eb413a49fe6f696155dc0bfc4ed
SHA256

155647a52b6b26d2dfec66330d3a8dec6aaa100987bbf3da996c00741d6b7e13
SHA512

0c8efeb872b20a518ccfedebe62022136de1ce8e7a7f1a0cbd2ad295234b929fa857adf7e6adce5a083d39cbe255365ae14f22665d2e16311b06da23d7636455
SSDEEP

6144:ov2LQXl4WlPd/Ifjw+9Se1M+sTs1Ru//K9u2XKy+M:oeUw0DTs+6Q2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c8350547ff6adcd3c47939f93c37208_JaffaCakes118

Files

1c8350547ff6adcd3c47939f93c37208_JaffaCakes118
.dll windows:4 windows x86 arch:x86

412fdb24f5cac861731e5423448a1e03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueA
SHSetValueA

msvcrt

wcscat
abs
memcpy
??2@YAPAXI@Z
sprintf
strlen
strcpy
strrchr
getenv
memset
rand
srand
time
__CxxFrameHandler
atoi
strstr
_strlwr
_strnicmp
_stat
_memicmp
_wcsupr
_CxxThrowException
strncmp
wprintf
_purecall
fclose
fopen
_ftol
_CIasin
_mbscmp
??1type_info@@UAE@XZ
_access
_CIpow
_setjmp3
__CxxLongjmpUnwind
longjmp
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_wcsicmp
wcsncpy
wcsncmp
_CIacos
wcscpy
wcslen
printf
_mkdir
strftime
fread
_stricmp
isspace
strchr
abort
strtok
strncpy
memmove
fwrite
rename
strcmp
atol
sscanf
free
localtime
mktime
vsprintf
malloc
memcmp
exit
strcat

ws2_32

gethostbyname
ntohl
inet_addr
ntohs
htons
gethostname

iphlpapi

GetAdaptersInfo

netapi32

Netbios

user32

GetPriorityClipboardFormat
OpenClipboard
GetClipboardData
GetForegroundWindow
GetWindowTextA
CloseClipboard
SendMessageA
DefWindowProcA
ChangeClipboardChain
PostQuitMessage
SetClipboardViewer
RegisterClassExA
CreateWindowExA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
IsCharAlphaNumericA
GetWindowThreadProcessId
wsprintfA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
GetSystemMetrics
CloseDesktop
CloseWindowStation
ReleaseDC
GetDC
SetThreadDesktop
OpenDesktopA

oleaut32

VariantInit
CreateErrorInfo
SysFreeString
VariantChangeType
SetErrorInfo
VariantClear
GetErrorInfo

advapi32

CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumValueA
RegConnectRegistryA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
DeleteService

mfc42

ord5683
ord801
ord541
ord2614
ord354
ord665
ord535
ord5710
ord6883
ord4278
ord4129
ord924
ord858
ord537
ord6877
ord860
ord6383
ord5440
ord5450
ord2107
ord5858
ord2841
ord3663
ord341
ord654
ord6394
ord540
ord2818
ord800

kernel32

lstrlenW
GetSystemDirectoryW
CompareStringW
VirtualAlloc
VirtualFree
DuplicateHandle
TerminateThread
GetWindowsDirectoryW
VirtualProtectEx
GetFileInformationByHandle
GetProcessHeap
HeapAlloc
HeapFree
SetFilePointer
lstrlenA
GetTickCount
MoveFileA
lstrcpyA
GetCurrentProcessId
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
LocalFree
OpenProcess
TerminateProcess
GetCurrentThread
GetCurrentProcess
WideCharToMultiByte
GetLocalTime
GetSystemDefaultLCID
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
InterlockedCompareExchange
WriteFile
CreateFileW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
DeviceIoControl
GetFileSize
ReadFile
CreateFileA
SystemTimeToFileTime
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetLogicalDriveStringsA
LocalFileTimeToFileTime
SetFileTime
LoadLibraryA
OutputDebugStringA
GetModuleFileNameA
CreateMutexA
Module32First
Module32Next
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDrives
CopyFileA
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
WritePrivateProfileStringA
DeleteCriticalSection
ResumeThread
GetExitCodeThread
CreateEventA
InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObject
EnterCriticalSection
SetEvent
GetCurrentThreadId
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProcAddress
GetSystemDirectoryA
SetFileAttributesA
DeleteFileA
lstrcatA
GetShortPathNameA
WinExec
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetTempPathA
Sleep
InterlockedExchange
CreateThread
CloseHandle
GetLastError

gdi32

DeleteDC
DeleteObject
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetDeviceCaps
BitBlt
SelectObject
GetPixel
CreateCompatibleDC
CreateDCA
SetDIBitsToDevice
CreateCompatibleBitmap

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExA

ole32

StgOpenStorage
CoInitialize
CoCreateInstance
CoUninitialize
StgIsStorageFile
CoTaskMemFree
CoTaskMemAlloc

winmm

waveInOpen
mixerOpen
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetNumDevs
waveInUnprepareHeader
waveInGetErrorTextA
mixerGetDevCapsA
mixerGetControlDetailsA
mixerSetControlDetails
waveInClose
waveInReset
waveInStart
waveInAddBuffer
waveInPrepareHeader
mixerClose

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

412fdb24f5cac861731e5423448a1e03

Headers

File Characteristics

Imports

shlwapi

msvcrt

ws2_32

iphlpapi

netapi32

user32

oleaut32

advapi32

mfc42

kernel32

gdi32

shell32

psapi

ole32

winmm

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 27KB - Virtual size: 74KB

.vmp0 Size: 10KB - Virtual size: 10KB

.vmp1 Size: 17KB - Virtual size: 17KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 27KB - Virtual size: 74KB

.vmp0
Size: 10KB - Virtual size: 10KB

.vmp1
Size: 17KB - Virtual size: 17KB

.reloc
Size: 10KB - Virtual size: 10KB