306c0c6291f9c0ae979ea9435bf7526b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

306c0c6291f9c0ae979ea9435bf7526b_JaffaCakes118
Size

84KB
MD5

306c0c6291f9c0ae979ea9435bf7526b
SHA1

67647f13edb7e9e23dda1e1259bcc79dc212e416
SHA256

cb06517e92e85d1db68f85485acbf70bbb219d6f380b02d4bb1f9c602c13c6d4
SHA512

339b14ad99b208de35f27cd12a49449581438b3141deeedb3ef3dea7b535d746f1d43c55b00f91a5b2de5d4fbf41d5fe0b8e5a687f109c8d8462187dd2ecc52f
SSDEEP

1536:yl+yU6gIBOqUswa8VLiW/W63V7255+zN5lOYUCH8sh:yl+yUOBFpwa8VLZW6lqbYPOy

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
306c0c6291f9c0ae979ea9435bf7526b_JaffaCakes118

Files

306c0c6291f9c0ae979ea9435bf7526b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1614033189c8087a53ec35d390c307d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
TerminateThread
FreeLibrary
WriteFile
CreateFileA
ReadFile
GetModuleHandleA
GetLocalTime
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SetFileAttributesA
DeleteFileA
LocalAlloc
LocalFree
GetCurrentProcess
LoadLibraryA
GetProcAddress
InterlockedExchange
OpenProcess
TerminateProcess
GetComputerNameA
GetVersionExA
GetDriveTypeA
GetDiskFreeSpaceExA
GlobalMemoryStatus
GetCurrentThreadId
GetTickCount
GetLastError
ExitProcess
WaitForSingleObject
CloseHandle
CreateThread
Sleep
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
GetSystemMetrics
SetThreadDesktop
OpenDesktopA
SendMessageA
CloseWindow
CreateWindowExA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
CloseWindowStation
IsWindow
ToAscii
GetKeyboardState
GetKeyNameTextA
GetWindowTextA
GetActiveWindow
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
ExitWindowsEx
TranslateMessage
DispatchMessageA
GetMessageA
UpdateWindow
RegisterClassA
LoadCursorA
LoadIconA
DefWindowProcA
wsprintfA
MessageBoxA

gdi32

StartDocA
StartPage
EndPage
EndDoc
GetStockObject
DeleteObject
DeleteDC
GetDIBits
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA

winspool.drv

EnumPrintersA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
EnumServicesStatusA
QueryServiceConfigA
QueryServiceConfig2A
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
CloseServiceHandle

shell32

ShellExecuteA

ws2_32

gethostbyname
htons
send
WSAStartup
socket
WSAGetLastError
closesocket
connect
recv

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

winmm

mixerSetControlDetails
mixerClose
mixerGetLineInfoA
mixerOpen
mixerGetControlDetailsA
mixerGetLineControlsA

msvcrt

fopen
fseek
_strtime
_strdate
fprintf
fclose
__CxxFrameHandler
_controlfp
_ftol
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
printf
_CxxThrowException
fputc
exit
malloc
free
fread
fwrite
fgetc
scanf
??1type_info@@UAE@XZ
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_except_handler3
__set_app_type
atoi

Sections

.text
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xiaohui
Size: - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1614033189c8087a53ec35d390c307d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ws2_32

avicap32

wininet

winmm

msvcrt

Sections

.text Size: - Virtual size: 38KB

.rdata Size: - Virtual size: 15KB

.data Size: - Virtual size: 41KB

xiaohui Size: - Virtual size: 32B

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 76KB - Virtual size: 73KB

.reloc Size: 4KB - Virtual size: 132B

.text
Size: - Virtual size: 38KB

.rdata
Size: - Virtual size: 15KB

.data
Size: - Virtual size: 41KB

xiaohui
Size: - Virtual size: 32B

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 76KB - Virtual size: 73KB

.reloc
Size: 4KB - Virtual size: 132B