26e03c1d5108ff4ee205c36f24a10672_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26e03c1d5108ff4ee205c36f24a10672_JaffaCakes118
Size

1.1MB
MD5

26e03c1d5108ff4ee205c36f24a10672
SHA1

da6a33dfdb35ccc085f627fd077314d3154d4051
SHA256

71099952dc192dccfbdb20f45cf68573a8e07b93086f5e6b6849b25091e68ebe
SHA512

a6edac5ab7c62501e82df637d8c8d45fb7613a7f712192e51a7ed5feb16c3bc9555f650cc195f3068adbebaf57d341f52afcd083fee98a9548d11426dff30b87
SSDEEP

24576:/U+RTOMCfjDEXMy5/zFJDtBA0R4bVSs+zQB2/NscSklEaQ:/JefTOFbR4JSs+zN/c/T

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26e03c1d5108ff4ee205c36f24a10672_JaffaCakes118

Files

26e03c1d5108ff4ee205c36f24a10672_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ca2e1c641774c52de4cb28b2b4e801ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
rtcSaveSetting
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaGosubReturn
__vbaLineInputStr
rtcRgb
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
rtcAnsiValueBstr
_adj_fprem1
__vbaRecAnsiToUni
rtcLowerCaseVar
rtcGetObject
__vbaStrCat
__vbaLsetFixstr
rtcVarFromFormatVar
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryVar
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaVarForInit
rtcRandomNext
__vbaExitProc
rtcRandomize
__vbaOnError
__vbaObjSet
rtcMsgBox
_adj_fdiv_m16i
GetMemStr
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
rtcDoEvents
__vbaFpR4
__vbaBoolVar
rtcTrimVar
rtcLeftTrimVar
PutMemStr
__vbaVarTstLt
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
rtcMidCharBstr
__vbaErase
rtcMidCharVar
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaR4Str
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
rtcShell
__vbaUI1I2
rtcArray
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
rtcSplit
__vbaPrintFile
__vbaStrToUnicode
__vbaInputFile
rtcReplace
rtcStringBstr
_adj_fprem
_adj_fdivr_m64
__vbaGosub
rtcRound
rtcStringVar
__vbaI2Str
rtcVarBstrFromAnsi
__vbaFPException
rtcStrConvVar2
__vbaInStrVar
GetMemEvent
__vbaStrVarVal
__vbaUbound
rtcBeep
__vbaVarCat
rtcGetTimer
rtcStrFromVar
__vbaI2Var
rtcBstrFromAnsi
VarPtr
rtcDir
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaVarLateMemCallLdRf
rtcFreeFile
__vbaNew2
__vbaR8Str
__vbaInStr
rtcEndOfFile
_adj_fdiv_m32i
_adj_fdivr_m32i
rtcHexVarFromVar
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
rtcErrObj
ThunRTMain
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
rtcGetSetting
__vbaVarCmpEq
__vbaVarAdd
__vbaAryLock
__vbaLateMemCall
PutMemEvent
rtcGetTimeVar
__vbaStrToAnsi
__vbaVarDup
SetMemEvent
__vbaFpI2
__vbaVarLateMemCallLd
__vbaFpI4
rtcLeftCharBstr
__vbaVarCopy
rtcLeftCharVar
_CIatan
rtcRightCharBstr
__vbaCastObj
__vbaStrMove
__vbaAryCopy
__vbaForEachVar
__vbaStrVarCopy
__vbaR8IntI4
rtcRightCharVar
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
rtcR8ValFromBstr

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Exports

Exports

�0��'�+��T��ca�l8J�nq� �-H��H�{��q�,s�a��M!�:��?Β�{ma��G�׿�_q(mU�1j��]��>�� mk�bBSeҮaG;'c�_nlWE�L��%s镊sp�o��<�n��f�@lG�d��Tا��"��+��V��55_��1��`�=x��9.��<�j6��F\.�� !<3�i*2�Y�)�IV�0�ס &-��,��$�tZ<�$D�U@��uN�lC`܊6>M��yxt'��" f*�a�l�ȣ�86x/�;��q6r��Z ��z��4��gq�垡l��z�,kWw!��*��ץ�A^.�3�{�a�8�Y�_��\c��L��cy\J�8��Z�5m�k#bb�� whb�Ê�� {��bgꓝ��d��_w��R̤��$�� !�j.�}k�t��b��t��\��6tI��;��^��]"�8m#�o�F%�0�%��F�[�x��3�y[��*�f�mY(v��91� �9�s X#;:4�u��F�B� /�+�$f� [�~��ٛ�I�Id�"a�ҭO��J��o�=O}:f�$��@��h��&�D_~K�:k�rrbZ�|b��U��oI )d7�q��R�� $(��a��t��S��ΧVR0�ȕ�y��#��F+��3�m �]�BV0��8�P��U�n�A�=HP�M�h��sWj��<d� �8r�c!�+�M��F06�,U��4e�!��J̴#��;�,�P��=)� t��;��h��O�c��z��@��Ҕ".��y�?E k�;hs\cF�ݸGm@�^FbJ�Ǌ��O��Ȅf뉂u�1g��N�\�;r��P�Ľ%�So�[��{��n��c�>�;�� _v�L��n?�^Z��∵� )Y��L��D��V�%��.��c�/��Xv�" �*��8��v��{�"%��1�R� t#MG��ΖE��)�$ ��?��)��`\��^ɦ�5�"�Qo�M�b�PM�ʂ�3է��{�3D��I5��qV?Q��_ �V��x̻��C^��-�� F�6�(�מ��(�I�Y�1��oO�ɱ9#� ��7��\��ۧڰ3vv#0��0xF�� G��1(�e�}_�s��: _2OG�g)�EW�:�C/�U��tZ�g�g��^~��=bA,��^��)2�i��ܣ��^��@��#�~'7��K��A��G��T��V1.y6��h�� ȈF�bX6��W�+5�� #�w�F�w4�BH<ڰg�n��2�Z��pr��;r�3 ��Nv��\�ɞ��8��ў��\ȕ�`x��3}��3"��%�mI ��H�.\ b�/�+\R��ޥ!�;��X��z��W4��<��&� ٞ��f7�o9w�i�+��h��RyZe)�olp��J+��d-��l��X�UI��'U��5|�U�d��Bh��p8j��`x��k��MPE�ݍ��f^��2��`&}�g�耖��L� ��M��Ѿ"�k��E�\�|T��ڿ�eO�ҳ�*S��g<%+ L�; 5R�W��T�h W�S�h�y\��%X��q90R;_+.��(�S�&2�CEY��񏲬W0�HJ�Q��ٹ��b4f *ubW��rR��,Pb�F g^�a<��e��x��2D�Kyr�d:�fHO��T8��\��7��S'kZ2�W��6�B-��F5�mk3�}.��],�Lv�� ¹�o�� {��HI�=X�a`�T�]G�H��r�a�/��L�*�2�*)��$��>H��_`_2�{s�L J�Py�n ��!*�zx1%[5��]��J��jW�0�R��e��.�l��Y��%�W��Q��f�l�t_|b7�q.��q�J��;��,��é寝�U"<8yj¨шz�ۇt%�+U��% >�?xe ��$��2\-�Tc��iv8�R�b�R��*>�j��^"c]_>�+� ��`.�q��bP&HpW��d��G:�P�Erpl�7�79��C��#��^e��P׵_C��S��Ɲ;�<Dgý��) ��B��vwG�P�n��g�m�d+*6�P��eF2}�� a��@�vQ��3S��]��Z#\E�� Yg<Tzg�)3�@�=p��pC�� t�yB��3��vd+51�m`5�=�6�>��ɏL��*��c��c��}#��C"�7eu�.|L�X8��ya�[��{ ��=��v�I��w��0�=�J8�qH*O��rd�W��7H�.�Ui ��-�].C��b>�O|�N��O��^��R��w��M�uu�a��}�re�jЄ��:Q�S�_��@KU1'�Ǻk]�oȜ8�K�D>޺ֺQi�X��Dj.��ԩ�!�(�F��l# ��?��)��ls��NI,��R��B��LG��'6�D��O��/wm',��G� �3��˄Y�nKe�t_�w�dd6��YH�0{h��ǧ0(X߀�m��!3Ym$�C/I�f�*$��%Zr�(o=��.�K�38��DL��&�j�YRh2��p��"}N��l��e<��1Q�t?[��8�=�os��B[�&��t��%�v�}�Y�%CV��b�AI��I��^p��Y�"�|� ⪂�F#r��M��:��%�O�~��D��שNFQ��\�?��p��E�;�⍇�x 0|�>��K��h�ē��X�iX��9�� :�^AԽ�?t�Vp�.gA*��A�PE��[��5��\��"�\ưK�

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 4KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 24B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mackt
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca2e1c641774c52de4cb28b2b4e801ec

Headers

File Characteristics

Imports

msvbvm60

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 35KB

.v-lizer Size: 4KB - Virtual size: 38KB

.vmp0 Size: - Virtual size: 120KB

.tls Size: 24B - Virtual size: 24B

.vmp1 Size: - Virtual size: 519KB

.vmp0 Size: - Virtual size: 156B

.mackt Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 12KB

.vmp2 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 184B

.text
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 35KB

.v-lizer
Size: 4KB - Virtual size: 38KB

.vmp0
Size: - Virtual size: 120KB

.tls
Size: 24B - Virtual size: 24B

.vmp1
Size: - Virtual size: 519KB

.vmp0
Size: - Virtual size: 156B

.mackt
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 12KB

.vmp2
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 184B