309dba583be0bf7c91daa0dca4474a26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

309dba583be0bf7c91daa0dca4474a26_JaffaCakes118
Size

1.1MB
MD5

309dba583be0bf7c91daa0dca4474a26
SHA1

5fe6497380c1efad61e67919875eead3a5e2a11b
SHA256

4755f447216dc6bbf92e03690e480a9f21489542723cee1d1faca8be5b228977
SHA512

fb2ca8779c07276fafd24a858e1e1a0faaa84ee4e68e6b5ccb2602bd94650fa1d91217d5380feb67c33de445df0b6adb2aaf39af396bd95d5e65d2b340e009c5
SSDEEP

24576:ZgBqjhrdTALQK7mc9EmKeJ/KafB2/WsLW9J1BG6bDMDVBZN0b:ZFdrFaB9EmKec+B2/D6l5bAzZN

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
309dba583be0bf7c91daa0dca4474a26_JaffaCakes118

Files

309dba583be0bf7c91daa0dca4474a26_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d697f83e69e76da5a8f87ec4587530b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamStop

ws2_32

recv

kernel32

GetVersion
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

ClientToScreen
MessageBoxA

gdi32

ExtSelectClipRgn

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

ole32

OleIsCurrentClipboard

oleaut32

SysAllocStringLen

odbc32

ord18

comctl32

ImageList_Destroy

oledlg

ord8

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d697f83e69e76da5a8f87ec4587530b2

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

oledlg

comdlg32

Sections

.text Size: - Virtual size: 577KB

.rdata Size: - Virtual size: 1.6MB

.data Size: - Virtual size: 261KB

.rsrc Size: 12KB - Virtual size: 24KB

.vmp0 Size: - Virtual size: 152KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 224B

.text
Size: - Virtual size: 577KB

.rdata
Size: - Virtual size: 1.6MB

.data
Size: - Virtual size: 261KB

.rsrc
Size: 12KB - Virtual size: 24KB

.vmp0
Size: - Virtual size: 152KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 224B