33914f0c24e93e0351ed69e06d2fdbc0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33914f0c24e93e0351ed69e06d2fdbc0_JaffaCakes118
Size

159KB
MD5

33914f0c24e93e0351ed69e06d2fdbc0
SHA1

38f2b1879c9c195d6641ed534f7b035fec6e33c8
SHA256

d1542cae535c3a56bd973f742b013453c3838786e81c9e42ef5cbcbbf0338856
SHA512

8543c0e0389215b426fc33a5ea2ad3bebab11b4580548a4695c1f9d781106fbd97fbd660914ed2ce8afa24cb92cccc7bf2190eb5d195e5545b4acf961426d565
SSDEEP

3072:WEu5vu8TzQ9ZSWv4mbIrUhYh9qpULQzDszX7VYEh7Ye7RoVvCZZmVd6o:+Nu8w94Wv4m6CzS7VYEhPavCQ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33914f0c24e93e0351ed69e06d2fdbc0_JaffaCakes118

Files

33914f0c24e93e0351ed69e06d2fdbc0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

27991f0fdd56434d67877cac63b95786

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

FindWindowW

gdi32

DeleteObject

advapi32

RegCloseKey

shell32

ShellExecuteA

opengl32

glIsEnabled

version

VerQueryValueA

iphlpapi

GetAdaptersInfo

ntdll

atoi

msvcr90

??3@YAXPAX@Z

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27991f0fdd56434d67877cac63b95786

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

opengl32

version

iphlpapi

ntdll

msvcr90

Sections

.text Size: - Virtual size: 27KB

.rdata Size: - Virtual size: 11KB

.data Size: - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 688B

.vmp0 Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 103KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 156KB - Virtual size: 156KB

.reloc Size: 512B - Virtual size: 104B

.text
Size: - Virtual size: 27KB

.rdata
Size: - Virtual size: 11KB

.data
Size: - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 688B

.vmp0
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 103KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 156KB - Virtual size: 156KB

.reloc
Size: 512B - Virtual size: 104B