21b398809cbc1f760b3583500ce510af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21b398809cbc1f760b3583500ce510af_JaffaCakes118
Size

1.3MB
MD5

21b398809cbc1f760b3583500ce510af
SHA1

6499536ae87fa6a20666592995a4ccaf0ed3157d
SHA256

4333fb14148566daebeef6ff1e6af4be03138ca845728fa6ead1c06499414298
SHA512

8e0a8669c7a0941359050634a9d9cb8d63bf41fedc2fab638a76a9dcc00e34c634fe602e03e2bdc205908f90472c2195cc6570551c3031b22be371207aeb74f5
SSDEEP

24576:KlOmPEnlcYlTtcF16AUVPElYs22FeFbSfuo5OElm9gcef9TfH1tYwC3bg0+pmg6a:KRMljlxP7VqSBxtYWg3v1g4kg6a

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21b398809cbc1f760b3583500ce510af_JaffaCakes118

Files

21b398809cbc1f760b3583500ce510af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f7d7b9e29260cc56a0fe72c61bb24f94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

kernel32

FreeEnvironmentStringsW
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

GetSysColorBrush
MessageBoxA

gdi32

SetDIBitsToDevice

winmm

midiStreamRestart

winspool.drv

ClosePrinter

comdlg32

ChooseColorA

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

StgCreateDocfileOnILockBytes

oleaut32

VariantCopy

comctl32

_TrackMouseEvent

oledlg

ord8

ws2_32

getpeername

Sections

.text
Size: - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 858KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7d7b9e29260cc56a0fe72c61bb24f94

Headers

File Characteristics

Imports

msvfw32

avifil32

kernel32

user32

gdi32

winmm

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

Sections

.text Size: - Virtual size: 507KB

.rdata Size: - Virtual size: 858KB

.data Size: - Virtual size: 196KB

.rsrc Size: 36KB - Virtual size: 55KB

.vmp0 Size: - Virtual size: 148KB

.vmp1 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 4KB - Virtual size: 284B

.text
Size: - Virtual size: 507KB

.rdata
Size: - Virtual size: 858KB

.data
Size: - Virtual size: 196KB

.rsrc
Size: 36KB - Virtual size: 55KB

.vmp0
Size: - Virtual size: 148KB

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 4KB - Virtual size: 284B