2a0ecd919dfe2dd0beefe6b2ce210e56_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2a0ecd919dfe2dd0beefe6b2ce210e56_JaffaCakes118
Size

41KB
MD5

2a0ecd919dfe2dd0beefe6b2ce210e56
SHA1

4e84adcd1350b545fbdcda8a2b9441f1235df913
SHA256

284a93c497c26612938c9834cd7ef30efa1f8c0fb6f65d081236d55b31e327a9
SHA512

b8b84560b4f039162ba7ba41816f5bc0eb21d17b5d8187b0e06f48d4d66a29f047f9ab0058bd4c70b1d963c3696673cdcaf1f768f04f8d27f81026f152bf4e74
SSDEEP

768:pZSj0aV2KEGqI18upBHDFieiwt5EI5mbGNVeeD3byt:Jal3+yHUzwJkSDSt

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a0ecd919dfe2dd0beefe6b2ce210e56_JaffaCakes118

Files

2a0ecd919dfe2dd0beefe6b2ce210e56_JaffaCakes118
.dll windows:4 windows x86 arch:x86

22d25d9797429b2882b194856313951e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
WriteFile
CreateFileA
lstrcmpiA
GetModuleFileNameA
DisableThreadLibraryCalls
CreateThread
SetFileTime
GetFileTime
GetEnvironmentVariableA
Sleep
DeleteFileA
FreeLibraryAndExitThread
ExitProcess
WaitForSingleObject
GetProcAddress
lstrcmpA
ReadFile
SetFilePointer
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
VirtualFreeEx
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
MultiByteToWideChar
GetCurrentProcess
lstrcpyA
FreeLibrary
CreateEventA
LoadLibraryA

user32

wsprintfA
WaitForInputIdle

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetSetOptionA
InternetCloseHandle
InternetOpenUrlA

msvcrt

??2@YAPAXI@Z
_adjust_fdiv
malloc
_initterm
free
_except_handler3
memcpy
strchr
memset
??3@YAXPAX@Z
__CxxFrameHandler
_EH_prolog

Exports

Exports

DoWorkEx
DoWorkWl

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 536B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22d25d9797429b2882b194856313951e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 268B - Virtual size: 4KB

Shared Size: 4KB - Virtual size: 4B

.reloc Size: 536B - Virtual size: 678B

.vmp0 Size: 12KB - Virtual size: 12KB

.vmp0 Size: 1KB - Virtual size: 1KB

.vmp1 Size: 2KB - Virtual size: 2KB

.vmp0 Size: 2KB - Virtual size: 1KB

.vmp1 Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 268B - Virtual size: 4KB

Shared
Size: 4KB - Virtual size: 4B

.reloc
Size: 536B - Virtual size: 678B

.vmp0
Size: 12KB - Virtual size: 12KB

.vmp0
Size: 1KB - Virtual size: 1KB

.vmp1
Size: 2KB - Virtual size: 2KB

.vmp0
Size: 2KB - Virtual size: 1KB

.vmp1
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB