374bcbee4fca5bbf2a5bae5414700f26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

374bcbee4fca5bbf2a5bae5414700f26_JaffaCakes118
Size

611KB
MD5

374bcbee4fca5bbf2a5bae5414700f26
SHA1

756d33ad821b1b16e793b02b221d6d6ef612990a
SHA256

43366b9ce51d45a3c3adb29495caf56433b65728c5a4e04fa9f6fe24f82ba555
SHA512

9d379dde6d0ca9610e338de4a0fece28f3920947a4d6d7caa5aa72e640ff2b80950cd8b2c3738169754d3be400350f1b608b2c7cc98d9f5ce8efff42ea1e9850
SSDEEP

12288:frfqGPkxBL/HmsMBKGfZ9B8Whf4Jpak2GbNXvO+P9xk22iAfvbVO:rJPkfGsnO8WizZXrL2BfvZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
374bcbee4fca5bbf2a5bae5414700f26_JaffaCakes118

Files

374bcbee4fca5bbf2a5bae5414700f26_JaffaCakes118
.dll windows:5 windows x86 arch:x86

63d28ed99694686bbeb12d05cb6b07e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryInfoKeyA

kernel32

GetCommandLineA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadStringA
MessageBoxW

wininet

InternetOpenA

Exports

Exports

_Java_br_com_gas_mid_entity_CLibrary_Digest1@16
_Java_br_com_gas_mid_entity_CLibrary_Digest2@16
_Java_br_com_gas_mid_entity_CLibrary_Digest3@16
_Java_br_com_gas_mid_entity_CLibrary_Function10@32
_Java_br_com_gas_mid_entity_CLibrary_Function1@32
_Java_br_com_gas_mid_entity_CLibrary_Function3@28
_Java_br_com_gas_mid_entity_CLibrary_getVersion@8

Sections

.text
Size: - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63d28ed99694686bbeb12d05cb6b07e5

Headers

File Characteristics

Imports

advapi32

kernel32

user32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 604KB

.rdata Size: - Virtual size: 107KB

.data Size: - Virtual size: 44KB

.tls Size: 512B - Virtual size: 2B

.vmp0 Size: - Virtual size: 39KB

.vmp1 Size: - Virtual size: 271KB

.vmp2 Size: 609KB - Virtual size: 609KB

.reloc Size: 512B - Virtual size: 236B

.text
Size: - Virtual size: 604KB

.rdata
Size: - Virtual size: 107KB

.data
Size: - Virtual size: 44KB

.tls
Size: 512B - Virtual size: 2B

.vmp0
Size: - Virtual size: 39KB

.vmp1
Size: - Virtual size: 271KB

.vmp2
Size: 609KB - Virtual size: 609KB

.reloc
Size: 512B - Virtual size: 236B