21d65ecebb8ef4f8ebde7dee958a64e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21d65ecebb8ef4f8ebde7dee958a64e6_JaffaCakes118
Size

532KB
MD5

21d65ecebb8ef4f8ebde7dee958a64e6
SHA1

06c0f20b4e73cadfa7a9907f2f79e451ab868691
SHA256

949b125dab950cc76047c3a8be73e922e4d8798de75e6cfc6c73770526aae73b
SHA512

59205a3470e40c48fdb6d4af50822b05c8c5d99dbd24a3e1abdb09fc044df8dd56f8eb3762d0acec54030faf3e40644fb5571eb8c90e3aed13406e08699494d9
SSDEEP

12288:bngqZujHo7UiGUwcJtHwAi+DxCkfC4bq/iMcy0Fi3j1prZGM/D:zgHjHOzG8JtH6+Dkp4+/iByL//

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21d65ecebb8ef4f8ebde7dee958a64e6_JaffaCakes118

Files

21d65ecebb8ef4f8ebde7dee958a64e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8be8e19829a1648b0559498bd4143ae0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
MessageBoxA

gdi32

TextOutA

comdlg32

GetOpenFileNameA

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

shell32

Shell_NotifyIconA

comctl32

ImageList_Create

oledlg

ord8

ole32

CoGetClassObject

olepro32

ord253

oleaut32

SysAllocStringLen

wsock32

WSACleanup

wininet

InternetCloseHandle

Sections

.text
Size: - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 508KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8be8e19829a1648b0559498bd4143ae0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

wininet

Sections

.text Size: - Virtual size: 298KB

.rdata Size: - Virtual size: 62KB

.data Size: - Virtual size: 41KB

.rsrc Size: 20KB - Virtual size: 43KB

.vmp0 Size: - Virtual size: 325KB

.vmp1 Size: 508KB - Virtual size: 505KB

.text
Size: - Virtual size: 298KB

.rdata
Size: - Virtual size: 62KB

.data
Size: - Virtual size: 41KB

.rsrc
Size: 20KB - Virtual size: 43KB

.vmp0
Size: - Virtual size: 325KB

.vmp1
Size: 508KB - Virtual size: 505KB