26480f30cea7fb6d1d3c5580ee297ff5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26480f30cea7fb6d1d3c5580ee297ff5_JaffaCakes118
Size

708KB
MD5

26480f30cea7fb6d1d3c5580ee297ff5
SHA1

ab21f38ff0271360d9207c65a10d71897aaf4b47
SHA256

18f7f5c130935d8a4e158a0a4ae938f046f96afbe9c5b14b01393200ef2a72ce
SHA512

4f98fcedbd3931f5cfe4139ad0e218c6097c66345f4216b0b5b51084ee781f1d84ed8c3b16b99e3deb4dd4de65e60592c05ebe6e30dbe612b8f8cded66dc544a
SSDEEP

12288:OQZLFpkTuJUgKvivs/G0Rr59jbHvoQGwpRefnT2BsY6bIn1VSTp8Dw3zB:OQVDI0UgFk/DjW9n26jTWk9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26480f30cea7fb6d1d3c5580ee297ff5_JaffaCakes118

Files

26480f30cea7fb6d1d3c5580ee297ff5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f60b7cdab281c78d8f510c6f239855f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
ord693
ord694
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
ord588
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
__vbaAryRecMove
EVENT_SINK_Invoke
ord513
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
ord629
__vbaError
__vbaBoolErrVar
ord660
__vbaInStrVarB
ord553
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
ord662
__vbaHresultCheckObj
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaVarXor
__vbaAryDestruct
__vbaCyErrVar
__vbaVarIndexLoadRefLock
ord592
__vbaExitProc
ord593
__vbaVarForInit
ord300
__vbaI4Abs
ord594
ord301
__vbaOnError
__vbaObjSet
ord302
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaForEachCollVar
ord520
__vbaStrFixstr
ord307
ord308
__vbaFPFix
ord309
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord631
__vbaErase
__vbaVarZero
ord632
__vbaVarCmpGt
__vbaVargVarMove
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaPutOwner3
__vbaVarTstEq
__vbaDateR8
__vbaObjVar
__vbaNextEachCollVar
__vbaPrintObj
__vbaI2I4
ord561
DllFunctionCall
ord563
ord670
__vbaVarOr
__vbaFpUI1
ord564
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
ord310
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaStrUI1
__vbaVarMul
__vbaExceptHandler
ord312
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
__vbaR4ErrVar
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaR8ErrVar
__vbaFailedFriend
ord607
ord608
ord531
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
ord535
__vbaI2Var
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaR8Str
__vbaVar2Vec
__vbaNew2
__vbaInStr
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord573
ord681
__vbaI4Str
__vbaFreeStrList
__vbaVarCmpLt
__vbaVarNot
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
ord579
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaInStrB
__vbaAryLock
__vbaVarAdd
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
ord614
__vbaAryVarVarg
__vbaFpI2
__vbaVarMod
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaVarCopy
__vbaVarTstGe
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
ord618
__vbaCastObj
__vbaUI1Str
__vbaI2ErrVar
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
ord619
ord542
ord650
_allmul
__vbaLenVarB
__vbaAryRecCopy
ord545
_CItan
__vbaNextEachCollAd
ord546
__vbaFPInt
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaR8FixI2
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Exports

Exports

̽ѼY�,��mU%�VF��O��YPׂ0��bZ�z��:��i��yU�T�w�0�ta ^NL0[ ��[�į�D�kg�>��.,yw��z?�E��bb3��8�p �dn�L�G��[4�`u�/��C�e}O�lZ�,�Tdp�Oک�11-�?��*I�g��L��01F&� �G��!^��8��lV{�r�:��3]qden��4=��]�d9�8��{⺱T])��h��pEP[<��z��H!�Ў��(��W��ɤeB*IM!��xK�3|�0��Y�P��1-��s �1��}�D=tŎ��|��.��a�>�$"�Fl��[ ��0g��J��R��HT�� o��̪��u��D��(��>��^�;~܍ʯߟ��^�]ے4�z��c[Rqɣ)U�,~�W��p�Ȭ�TcQt�&^��%�*3��5{YGQ( �m9�J�\]�C��ٗ��X��<�G*� j�5T��4�G��lδ��L��s�V�<�x(��cU��"s}>`x٪6��à)�M\�+��:R]�I,j�� ;/�z��0;8k0g37��<�9ڸ�bĢ��awM�/v��\2�D� ��+R�ho�]b�tZ��i:Ē��/}mk�A�72�m.��b��!HŁZr=o�U��/�lM�zᔳ��qjD+�Qh�Z��W��>��bx_g��?��M3�vղc�xQ{��gQ�q��/��4��Oۓ�\��!�>��"��|�/��M��\��z�j�y�M�咵�C@��Z�5�**��z�0�-ҥIPȼ��SN��B��Y��Q*�y(@+5B��fa��,Z�Z��1�;Fc�m?= ��f됯�V�%��K�K �>��]�s�4�[E�j�G�"?�=�<Ǣ�)5��ś��v�soO��5��[��i��L��i��=�{4+B4�~�Y��-��P*@'�2��~ j��]��;"��ע�x:��P��JtC��4��\j�7;\�Z.X~��=�%��ԃ�S#$�.�v�c�J@�-Yrڷ'�v�s{z��S��m��P�:�z�ӡDױ�[m�Dv��h�t�`��".Z��*�t0A� .�f5��۵�C�-h�ޏ�� 0��Bb��`�R��!S��v쁢��}�c0��$��l�Np��) ��b�#��裩��.��.(S1]c�zL�^��N�=�<'�� 0�π[!�@��Ҕ�Y��e�� ݺ��T��8�,�_jZ4W1�kH��4Ӥ�@�[Ԍ�#A�:�砺�&"[��tV��b1V��iITw�KX1�;'јN׵��P��4��z��n�s��ft'��Z��B4)��؍wDz�l��` �O͋�&$r��"��͕��{B��3�9:�D��}"��m:i�݁��96�YT�`�b��̀@+�Ean��f3_W�h�9�h��!S]5v�̸�2!��x$R?��־aX�{oCB��J�/�&%�+}7JJ��h�O��N�z�E��9�[g��<9��p��Va�1�=��4�X��x��w)W3ӯ�7��nq��6��J޶I�ƪ��)x��My��6��D9KA~.��A�^c��W��|�E ��S��I^I*��r+�q�Vk��>��/;��v��TL�S9S��o�kM�m�)ϙ��Ǹ�Iib��v��G��V ch��0�lMJ$?q�"�W�n.{�A��{�?�yM��:��LU>��VH��AUލ��M��*�L�W葛��X�3��4��9��8��]yP��`#��N��$@� 5�A��;� HN|��2��J�%oH�+I�c唾p]� :i�Z�LـQ:C� ��'��^d�@�Ӟ ԼB:��Y+&��`�V~=O ux��I��2ӕ��٪�M�.��1�5k��2Q��p��Oޖv��3T��T�S!��:�|�� %�!g��g-^��a�Nc#~��c��`��%�� ܶ*�觙wa w:��o@� q��Gk0KӞ��ޗ�'�}��6ĒB��Lf�T�v��m��{�p�N��Hݑ�� y�j�6Z�P�s+{�7K��2= 3y�t��N7�ߡ�! T0A�a�<��7�N��H��rS��U��*��/��R��IŠ�,;�o�r�N{��(�+��ٸ7�l]�Q�s}9Q��v��eۧ8i�{� |N*[�_�ȰJC��gu�n�I��;�� Fi�o��k�u�ː��n(ֈ@ƪ�_xŊ�>�*�'�� -��6`��r�s� �ު��}�X�eF�\7��,v��C-��/�Gq�~�WL��1 �8�N�G3�Cȫk�$ qiU��.1m��5��g�(�6��M�륿��N8�k9��C�-'��K��S�H�C�� mcL�CH��y@d��n;W��2�"nu��p_��1BD}�e^�G��Zzm~��:�j"R$�W�c]h�2t��#��Ї�o�6H|�lIWf" �V��%b��x=w��J�i�ڍ��K+�~��S4�l��K��Qg0s�PڢU/��E�>S��n��hw.1�)[��b�l�bu�uꎘ�$��+��s�Y��:�^lS��2�)Qg��,k��q�l ��P�!ڊ�%K��U��G�jT?��n��*Xz1�V��M��,R��WL�&(��k{.�ɓ�Y��w-��X_"!gO��U��o|j��d�5T�� v&3s�D�f��-~��WԆ�}�8 �bWptɩ4��C8_�7��9C�%�;=TlT�[̤��ʘe>��Q

Sections

.text
Size: - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 668KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f60b7cdab281c78d8f510c6f239855f0

Headers

File Characteristics

Imports

msvbvm60

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 959KB

.data Size: - Virtual size: 21KB

.rsrc Size: 28KB - Virtual size: 29KB

.vmp0 Size: - Virtual size: 304KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 668KB - Virtual size: 664KB

.reloc Size: 4KB - Virtual size: 188B

.text
Size: - Virtual size: 959KB

.data
Size: - Virtual size: 21KB

.rsrc
Size: 28KB - Virtual size: 29KB

.vmp0
Size: - Virtual size: 304KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 668KB - Virtual size: 664KB

.reloc
Size: 4KB - Virtual size: 188B