2930065a8d117e3638b6079dacd52943_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2930065a8d117e3638b6079dacd52943_JaffaCakes118
Size

58KB
MD5

2930065a8d117e3638b6079dacd52943
SHA1

5a4ffd02b2b0742d7c60048d2dc2873fade93d50
SHA256

5d213b7cf8ca23c97220fa57ab18e018251877330168cf5279a789e5ad2ce2c5
SHA512

8066c117d29e003a8619c2cfc01162099a57064fe1a4f3eedb7c93795aa443bfab4c7d9f1c911ac81634ab64115b487e60ddc251abb48391bb4fcd3ddcf6c338
SSDEEP

1536:j7y6gSwwoD+xTR+aW7seNp5CUJc06HxQJsGhdhI:pgtwos+97BvXJPEOhbI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2930065a8d117e3638b6079dacd52943_JaffaCakes118

Files

2930065a8d117e3638b6079dacd52943_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0a418f50b17028aa5c87df1dc1102d70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
SetFileAttributesA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceExA
SetErrorMode
GetLogicalDriveStringsA
GetComputerNameA
GetVersionExA
PeekNamedPipe
CreatePipe
GetSystemDirectoryA
GetTempPathA
GetEnvironmentVariableA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
CompareStringA
ExitThread
CreateRemoteThread
WriteProcessMemory
CreateThread
VirtualAllocEx
CreateDirectoryA
MoveFileA
GetExitCodeProcess
CreateProcessA
OpenProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
CloseHandle
ReadFile
WriteFile
SetFilePointer
CreateFileA
DeleteFileA
GetModuleFileNameA
lstrcpyA
lstrcmpA
GetTickCount
Sleep
VirtualProtect

user32

GetKeyboardType
MessageBoxA
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
ReleaseDC
GetDC
GetSystemMetrics
WindowFromPoint
SetCapture
GetCursorPos
SetCursorPos
OpenDesktopA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
GetWindowRect
EnableMenuItem
GetSystemMenu
MapVirtualKeyA
mouse_event
keybd_event
EnumWindows
IsWindowVisible
GetWindowTextA
IsWindow
DestroyWindow
CreateWindowExA
RegisterClassA
GetClassInfoA
GetWindowThreadProcessId
FindWindowA
SendMessageA
ShowWindow
GetMessageA
PostQuitMessage
PostMessageA
PostThreadMessageA
ExitWindowsEx
DispatchMessageA
TranslateMessage
SetTimer
GetDesktopWindow
DefWindowProcA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CreateServiceA
EnumServicesStatusA
DeleteService
QueryServiceStatus
ControlService
StartServiceA
GetServiceDisplayNameA
CloseServiceHandle
SetServiceStatus
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetUserNameA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
CreateProcessAsUserA
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

oleaut32

SysFreeString
SysReAllocStringLen

wsock32

recv
send
connect
closesocket
shutdown
socket
gethostbyname
getsockname
ioctlsocket
htons
inet_ntoa
inet_addr
WSACleanup
WSAStartup
WSAAsyncSelect
WSAGetLastError

urlmon

URLDownloadToFileA

shell32

ShellExecuteA
SHFileOperationA
SHGetFileInfoA

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msacm32

acmStreamPrepareHeader
acmStreamSize
acmStreamOpen
acmStreamReset
acmStreamConvert
acmStreamClose
acmStreamUnprepareHeader

winmm

waveInUnprepareHeader
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInClose
waveInReset
waveInGetDevCapsA
waveInGetNumDevs

gdi32

GetObjectA
GetDIBits
BitBlt
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
GetPaletteEntries
CreateHalftonePalette
GdiFlush

Exports

Exports

ServiceMain
ThemeServiceMain

Sections

CODE
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 66KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a418f50b17028aa5c87df1dc1102d70

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

wsock32

urlmon

shell32

avicap32

msacm32

winmm

gdi32

Exports

Exports

Sections

CODE Size: - Virtual size: 60KB

DATA Size: - Virtual size: 352B

BSS Size: - Virtual size: 66KB

.idata Size: - Virtual size: 5KB

.edata Size: - Virtual size: 100B

.vmp0 Size: - Virtual size: 2KB

.vmp1 Size: - Virtual size: 3KB

.vmp2 Size: 56KB - Virtual size: 56KB

.reloc Size: 1024B - Virtual size: 544B

CODE
Size: - Virtual size: 60KB

DATA
Size: - Virtual size: 352B

BSS
Size: - Virtual size: 66KB

.idata
Size: - Virtual size: 5KB

.edata
Size: - Virtual size: 100B

.vmp0
Size: - Virtual size: 2KB

.vmp1
Size: - Virtual size: 3KB

.vmp2
Size: 56KB - Virtual size: 56KB

.reloc
Size: 1024B - Virtual size: 544B