37f483eae5283679d443ee9516ecb5cf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

37f483eae5283679d443ee9516ecb5cf_JaffaCakes118
Size

1.3MB
MD5

37f483eae5283679d443ee9516ecb5cf
SHA1

96b3534b72a1fdfaa3cd8a4a86d997006f23100f
SHA256

ca9b8ace50a86106baf8fc5965aed6531ec827677f4766f8f988dc79ab4d11a6
SHA512

e6e611f980c6754a0288dee6fffe6b45d5b43dc2df24e19639e7a4071660ff8bd55a6f3140a01ae6d06a2be83e67b6784f64cf1a09f071ecba0d2face04a3281
SSDEEP

24576:Sf8d/OZ2e9YPpx81JCi4t+E1+YNnHpRn3NAqLZOo:Sf8ISwciatIQHPn3pLw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37f483eae5283679d443ee9516ecb5cf_JaffaCakes118

Files

37f483eae5283679d443ee9516ecb5cf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

428d4257ffa16360c3555a9aa439db46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

midiOutUnprepareHeader

ws2_32

ntohl

kernel32

HeapCreate
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadCursorA

gdi32

ScaleViewportExtEx

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

comdlg32

GetFileTitleA

Exports

Exports

RunDllHostCallBack

Sections

.text
Size: - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

428d4257ffa16360c3555a9aa439db46

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 828KB

.rdata Size: - Virtual size: 398KB

.data Size: - Virtual size: 332KB

.rsrc Size: 8KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 98KB

.vmp1 Size: - Virtual size: 628KB

.vmp2 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 4KB - Virtual size: 196B

.text
Size: - Virtual size: 828KB

.rdata
Size: - Virtual size: 398KB

.data
Size: - Virtual size: 332KB

.rsrc
Size: 8KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 98KB

.vmp1
Size: - Virtual size: 628KB

.vmp2
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 4KB - Virtual size: 196B