2bc85969badaed08c9fd679500696f5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2bc85969badaed08c9fd679500696f5b_JaffaCakes118
Size

216KB
MD5

2bc85969badaed08c9fd679500696f5b
SHA1

f3dbd8314e07b75c76c3741fc18aa1db2b7468fa
SHA256

cce093d9e7b6d71a472cc72f907b2ff749a6769d1ce4371200f4815f37470309
SHA512

63294583484c6eed4e4456faab48fb2b6f132c5c76f969e77e9c087d42f883914345c1e27ce21c9a9bb1958770ebf1e911c5d3990ff6a3cf58e66791d6a5641f
SSDEEP

6144:4LKvz4viFwTM3D3mUOQsRmsrgU7Z2Lyl:4acviFw4ERmsrC0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bc85969badaed08c9fd679500696f5b_JaffaCakes118

Files

2bc85969badaed08c9fd679500696f5b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1a135c4af901815b87aed2f624df7a8b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord692
ord616
ord3663
ord3626
ord640
ord2414
ord3571
ord2301
ord2302
ord4234
ord4710
ord5951
ord4055
ord3095
ord2379
ord6199
ord823
ord2818
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord4424
ord3738
ord815
ord4837
ord1980
ord2770
ord356
ord561
ord6215
ord1200
ord2086
ord6467
ord2725
ord2411
ord2023
ord4218
ord2578
ord6055
ord1776
ord4398
ord5290
ord3402
ord3582
ord567
ord3098
ord3873
ord5953
ord323
ord3693
ord2405
ord4133
ord4297
ord5788
ord5787
ord1641
ord283
ord2859
ord3092
ord5875
ord1640
ord472
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord4224
ord860
ord2587
ord4406
ord3729
ord804
ord4267
ord6785
ord6197
ord6379
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord535
ord537
ord2915
ord858
ord540
ord2614
ord800
ord668
ord825
ord1116

msvcrt

__dllonexit
_onexit
free
_initterm
??1type_info@@UAE@XZ
_adjust_fdiv
sprintf
strstr
_EH_prolog
_ftol
atoi
??1exception@@UAE@XZ
malloc
__CxxFrameHandler

kernel32

LocalFree
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
GetLastError
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
CloseHandle
Module32Next
Thread32Next
Process32Next
GetModuleHandleA
GetProcAddress
VirtualProtect
VirtualProtectEx
LocalAlloc

user32

PeekMessageA
PtInRect
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
IsDlgButtonChecked
IsWindowVisible
GetWindowRect
GetDC
MessageBoxA
SetTimer
EnableWindow
GetDlgItem
SendMessageA
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetClientRect
MessageBeep
ClientToScreen
TranslateMessage
DispatchMessageA

gdi32

StretchBlt
CreatePen
Rectangle
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
Ellipse
SetPixel

msvcirt

?close@fstream@@QAEXXZ
??1fstream@@UAE@XZ
??1ios@@UAE@XZ
??_Dfstream@@QAEXXZ
??0fstream@@QAE@XZ

msvcp60

??_7bad_alloc@std@@6B@
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1bad_alloc@std@@UAE@XZ

winmm

PlaySoundA

Exports

Exports

InitHookApi
InitWindow

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MyShare
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a135c4af901815b87aed2f624df7a8b

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

msvcirt

msvcp60

winmm

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 2.0MB

MyShare Size: 4KB - Virtual size: 340B

.rsrc Size: 12KB - Virtual size: 9KB

.vmp0 Size: 16KB - Virtual size: 14KB

.vmp1 Size: 40KB - Virtual size: 37KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 2.0MB

MyShare
Size: 4KB - Virtual size: 340B

.rsrc
Size: 12KB - Virtual size: 9KB

.vmp0
Size: 16KB - Virtual size: 14KB

.vmp1
Size: 40KB - Virtual size: 37KB

.reloc
Size: 12KB - Virtual size: 8KB