2fe304e5d32679462bc6b18e8e52ff00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fe304e5d32679462bc6b18e8e52ff00_JaffaCakes118
Size

976KB
MD5

2fe304e5d32679462bc6b18e8e52ff00
SHA1

475a67260eedb4765b041fa5c3b1ffb356839984
SHA256

cf3407371685eec94dff910a09eea7589cc37d84f597c046d8dbe3dbf06c05ec
SHA512

4cf5b1ace680cd537fb1136e9581ce326176d84f05133aff540ac332a424538698083070e280cee433a88aad3c8a7be2d26b4307808d4103ee20318b1e4be6e8
SSDEEP

12288:NvjF8H7JSeMr3Jr1qxzSJVWdyHBCTf+YuR4zJPXDOGPTQ/j+wx6TkGE5TJ+WBjPa:Nmbo6z3dywTW4ztTOayKfTrgJ/PtsG+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fe304e5d32679462bc6b18e8e52ff00_JaffaCakes118

Files

2fe304e5d32679462bc6b18e8e52ff00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92c6f9d3a064a2b02d070e3ce2a216ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

GetFullPathNameA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RemovePropA
MessageBoxA

gdi32

SelectClipRgn

winmm

midiStreamClose

winspool.drv

OpenPrinterA

advapi32

RegDeleteValueA

shell32

Shell_NotifyIconA

ole32

CoRevokeClassObject

oleaut32

OleCreateFontIndirect

comctl32

ord17

oledlg

ord8

ws2_32

select

wininet

InternetReadFile

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 960KB - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

92c6f9d3a064a2b02d070e3ce2a216ed

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 675KB

.rdata Size: - Virtual size: 196KB

.data Size: - Virtual size: 175KB

.rsrc Size: 12KB - Virtual size: 23KB

.vmp0 Size: - Virtual size: 461KB

.vmp1 Size: 960KB - Virtual size: 959KB

.text
Size: - Virtual size: 675KB

.rdata
Size: - Virtual size: 196KB

.data
Size: - Virtual size: 175KB

.rsrc
Size: 12KB - Virtual size: 23KB

.vmp0
Size: - Virtual size: 461KB

.vmp1
Size: 960KB - Virtual size: 959KB