244a759dbf6805560ac7d18c07572e87_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

244a759dbf6805560ac7d18c07572e87_JaffaCakes118
Size

624KB
MD5

244a759dbf6805560ac7d18c07572e87
SHA1

196230fc2cb94c7d534c685c4be663fc065b4697
SHA256

f52c7e75477d450a66a92fa8bd4700b28143161ddb4e3f952ff72bbc7799ef70
SHA512

800af8ab03aac887a76c9025c783c6b87cb9da8900d5e0ea036135242d5abed6c9868ddd08563477fbf53cb99d7ed7b829716ba1f4b211f480e673019131f117
SSDEEP

12288:IPUH/xFMp3dRpBFCyqXYG/qTZ+I1ZXNULtj5aV3gMIH9dLrwgbsupOx:1Hb4dR9Cy/G/QcIDXN8naV3gMeN/O

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
244a759dbf6805560ac7d18c07572e87_JaffaCakes118

Files

244a759dbf6805560ac7d18c07572e87_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d96edfd157aac38a7f8e15b9df5bb4e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

uskin

ord2
ord1

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetErrorMode
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetFileTime
GetFileAttributesA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
GlobalFlags
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
lstrcmpA
RaiseException
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
WaitForSingleObject
GetCurrentThreadId
InterlockedDecrement
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FreeLibrary
LoadLibraryA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateProcessA
GetTickCount
Sleep
GetModuleFileNameA
OpenProcess
GetModuleHandleA
GetProcAddress
CloseHandle
ExitProcess
GetSystemDirectoryA
CreateThread
CompareStringW
CompareStringA
GetCPInfo
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
QueryPerformanceCounter
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatA
PostThreadMessageA
InsertMenuItemA
BringWindowToTop
SetMenu
TranslateAcceleratorA
ReleaseCapture
LoadCursorA
SetCapture
SetWindowRgn
IsRectEmpty
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamA
EndDialog
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetRectEmpty
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
ReuseDDElParam
GetWindowPlacement
PtInRect
GetWindow
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetMenuStringA
DestroyMenu
wsprintfA
FindWindowA
GetWindowThreadProcessId
LoadIconA
KillTimer
SetTimer
IsIconic
GetSystemMenu
DrawIcon
GetForegroundWindow
MessageBoxA
DestroyCursor
GetIconInfo
CreateIconIndirect
PostMessageA
SetCursor
IsMenu
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageA
DrawFocusRect
FrameRect
OffsetRect
SetParent
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
InflateRect
DrawStateA
GetMenuItemInfoA
GetSystemMetrics
SystemParametersInfoA
GetSysColorBrush
GetSysColor
DrawIconEx
DestroyIcon
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
EnableWindow
GetDesktopWindow
ReleaseDC
GetDC
LockWindowUpdate
GetDCEx
LoadMenuA
SetScrollInfo
UnpackDDElParam
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
CharUpperA
IntersectRect
LoadAcceleratorsA
GetScrollInfo

gdi32

StretchDIBits
GetCharWidthA
CreateFontA
GetBkColor
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
CreateEllipticRgn
LPtoDP
GetTextColor
ExcludeClipRect
GetClipBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
MoveToEx
LineTo
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
CreateSolidBrush
GetRgnBox
CreatePen
GetTextExtentPoint32W
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
IntersectClipRect

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA
DragFinish
DragQueryFileA
ShellExecuteExA

comctl32

ImageList_GetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_GetImageInfo

shlwapi

PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantChangeType
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SysStringLen
SysFreeString
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantClear

winmm

PlaySoundA

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetOpenUrlA
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA

ws2_32

socket
inet_addr
WSACleanup
WSAGetLastError
WSACancelBlockingCall
WSAStartup
connect
setsockopt
bind
listen
getsockname
ioctlsocket
closesocket
recv
send
select
__WSAFDIsSet
gethostbyname
inet_ntoa

Exports

Exports

t�)��7L��C��":V�߉^��q4�k0��d��\��Qxg�'Y�nM&�w� �� W�C�dajl�jB>b�&>��9w!9��}N�eI��O��У��7!4��>8T9�U��:#ص,�UF)52xKDy�n_a�m��Ɔ1��f�&�t��(�-��u�Q=�F�&��bu-JŘ�3 sE�cj�ŉg�4�!��D:��@,??�S�1��vSM -��Q�t� \.|�e��sCS-��:xE��P��J{B�3�pG�sg9t�r��9O N�J�F�>��dS�չ�B��-p��/#.�(yʾ��L(.7VFM�6|a��"Rr��H��V�䆚@��# ��"��$+��u��[@|�<��A9#��4d��PB��֌X�Կp��v��3b��\��D;�X�K�\C3�Qsmd�I`�,U��ָş��:6�-]��7OP@�IW\�� B��>go��_��Y�=�@��!�Lt�Q(:��A<�k��LEn1' ��`��=��ȢA�� ©��i�_H�'r��$�a/(#ڜ�2�n�8��/[��3�P2�.l�5��hZY׺�{PGBۏw��j��i\Hĝ�f��焵��͉�(�~��7��gq�Ţwی��&T.p�GX�;!M��9d�=��~jQS��W�a��؅�M��/Q�S[t.ؤ�6��$��#: ��/�bT>�1h��d(/O}CG�)� w��Z�1�äKB�Ӷ�q��0��S�;/g ��:;��m�so>��#Iׅx��6!XC_�Dm)a)��'�n��2ɨ��ntwƩ�͜��])��x)��dY�KW��f��{:NB��0,��v��%JZ�*�J��b�-U�h��r�s鍨� |�ِ��c+k�ʳ�)3+q�/ʚ�H��q^��S}��c��*�ԍ9�y��/�^j��5�V۰� PJ�>�d��Mq�=�� !�Ȼ��1'u��.�̐e��ՌB�z�&6��d3��ȲG��e�� d�i�?q�ئg��hV��vjE��EPco*��n��WpT�섆��7��3�;�B5!��$�h�,�r��_��ҰZ3�T�ғ�H��}��1��T��ц�s��ܦ`��3:�S�T�Vr��Q�I7ǟޖ7ҹѐ�~L��[\E:�,^�q�j�m <�䮩�{z��IR�F�(�� ̔t�r֌)�74�$h�#�Z��0�,�8%V��h�~ÛQ�� i��0'��?/#��ၧ+�x[V�U;c?Ok��@�G�m�l�R6�;��`}��t�c�mh�b�� *S��<X�?�@@5�DNVz�P�!��6Ө��]��<`\�f��ø*�^��W�('�T�A)�~a�*u~�x�g}n�� B?w��A��c�e��L�_6�NI��-�x~��c��~�8��5��ٍ�hh�~{��P�R6鋤F�q ��1��\`M��<֋��)��|�3��s��;��u�wpC�*�X:�OG`y�~��hiv�[s�)T��f�%V�9��}#-�Xv�駝x8p��3��H��O5��/?��g��`?+�.�bT2o*��_�}��e�ZVЀ*x1��/:�LR��rߜ�N� �YL5-��Nc� �{��r��z�T9Bp��f�2<��\7�%�#Du6m'�vIfF��K��/�I-ch_� �]+��91$9��0��bPLY�t"I� 1ҁ��o�U�d_�'��M��C�)6K,Z�eC=�b}�ȖgIG��~1S<�B�4��{��~�q��ttN�� }�Į �(�,�W�-xͿ��.��&F/ma��a��AB�+��4�һ<�NR�R�s!�Z�eC�t�.�HZ��d��(B8]��Nں��Tw�_+��4�>ހjȥ�'��c�]3��oΓ�� P�6�4laf�V��wǸq��?#��>|�,Z\��>vB��T��w�[��ȨG|�)&�� '8�Q햧oS�]��@I2�/�Qo�H�i}�� W�%=_ �fk�%d�q)1��ǎ�.�ܕ��Fƻ�݃�i=��h�Z�.�٠��\1��e4Qe;�>��g3��6ս��e|��p~�zy�U��{�ݪ:��h��6��w��;yQ�ya�\��v�%�g�j�,s�L�b�[��ѯ.��DDO_�� `�͑!߱��,��2敏W45"�^��X��b��WCypx:~g��x|Bjq��X�n� "]�H"wR�UKa��М��\�%��3YδóҲ�W�<U��)��v��C�4jɮ|y�߄aS��Ku�?u�g��6i�>�J��2'�'�Ӱ�%�� 79u��K��'�>��bh��SB�X��O'pq�z��U�H�֕n�&[��x<J^��Qth��ԟ��;��ߠH��i#�C�"��|�lq{;��rQ=�s�O_a��*s��Txԁ�g�l�)J^��u<;�M��.��s��񿏧i�`z3�?�苯��MçC��a�NyA굝WT/ǯ�c��e�9��_5�$b��6�[��F��D�wB~��u�nJ?�E��q{� Bi�g+�0l��u=߲,`�W�jg�1#T5Ex��h��0�4s�]��8P��#�{�8��E�5��sLwCiA�Di^��ǚ��I�cSu'��X��SYت`�:- � ��ud)��f�pi�RQ�z��,Df6[q�76�j�!- ��n@P_[� +r8YB��Fy03_N��"?8^�fEk�I�/=��R��y<��#��ԛtEt�¤s�I��];p�2E qW�r7S=$��53��я��.�D��X�O �^�< ڼS�

Sections

.text
Size: - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 584KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d96edfd157aac38a7f8e15b9df5bb4e3

Headers

File Characteristics

Imports

psapi

uskin

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

wininet

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 291KB

.rdata Size: - Virtual size: 71KB

.data Size: - Virtual size: 34KB

.rsrc Size: 28KB - Virtual size: 40KB

.vmp0 Size: - Virtual size: 409KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 584KB - Virtual size: 582KB

.reloc Size: 4KB - Virtual size: 236B

.text
Size: - Virtual size: 291KB

.rdata
Size: - Virtual size: 71KB

.data
Size: - Virtual size: 34KB

.rsrc
Size: 28KB - Virtual size: 40KB

.vmp0
Size: - Virtual size: 409KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 584KB - Virtual size: 582KB

.reloc
Size: 4KB - Virtual size: 236B