3510f38c042b3a62d9e2308dd77cb8ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3510f38c042b3a62d9e2308dd77cb8ab_JaffaCakes118
Size

356KB
MD5

3510f38c042b3a62d9e2308dd77cb8ab
SHA1

92ebd91dce6df5e15d681b21d2910429c1865135
SHA256

2d95f5fa335729a60eca3011bf99eb7a3f436c1960ec6246dd44a148ed86cf8c
SHA512

aa56cb0d047af6aaf14ff5bff832761e23f96274c7ac2931f98d701809a692a7665a866d2f7bd0da6a046ccf1fc78890fbc32b0273887104aa908102d017f9e8
SSDEEP

6144:pMqnWxtkw2ta6avkk9mmmjhM+pSidjOh+aarXLz9LV29LoqbKkISa/75h:p5Wx2femjhvgidjyarLhZ2QBrz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3510f38c042b3a62d9e2308dd77cb8ab_JaffaCakes118

Files

3510f38c042b3a62d9e2308dd77cb8ab_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ebea9fdaf48b1b02feca0c770bed522d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ReleaseDC

gdi32

ScaleViewportExtEx

winspool.drv

OpenPrinterW

advapi32

RegSetValueExW

shell32

ShellExecuteW

shlwapi

PathFindFileNameW

oleaut32

VariantChangeType

Sections

.text
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebea9fdaf48b1b02feca0c770bed522d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Sections

.text Size: - Virtual size: 148KB

.rdata Size: - Virtual size: 36KB

.data Size: - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 12KB

.vmp0 Size: - Virtual size: 27KB

.vmp1 Size: - Virtual size: 218KB

.vmp2 Size: 351KB - Virtual size: 350KB

.reloc Size: 512B - Virtual size: 96B

.text
Size: - Virtual size: 148KB

.rdata
Size: - Virtual size: 36KB

.data
Size: - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 12KB

.vmp0
Size: - Virtual size: 27KB

.vmp1
Size: - Virtual size: 218KB

.vmp2
Size: 351KB - Virtual size: 350KB

.reloc
Size: 512B - Virtual size: 96B