39e7971f70e15719677fe414b39454ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39e7971f70e15719677fe414b39454ee_JaffaCakes118
Size

1.9MB
MD5

39e7971f70e15719677fe414b39454ee
SHA1

08e3aa88f40c4e72c62788bd6b772169a7837f88
SHA256

2f1e0313ad2fe0197c4734822e5dde644617e1d1d94ef2c362e4be74482d80e0
SHA512

0e93da70e739994bb9240118a5c2367b396a9348019052fc0e38eca6a22251ce095e0d4381d0a90004bfc84ba6c106c7e3972506111a32680b1eec762f290d1a
SSDEEP

49152:EeeQhyhcPhqzLqE8qevBentzNzozpCZnSMEB1UUQ1PwYCPn09R1bqHTN0x9NOed:EeeQhyhcPhqzLqE8qevBentzNzozpwnp

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39e7971f70e15719677fe414b39454ee_JaffaCakes118

Files

39e7971f70e15719677fe414b39454ee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5d6d122de5da229a2368b819f9120b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamProperty

ws2_32

WSACleanup

kernel32

FindResourceA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

UpdateWindow

gdi32

CreatePen

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoRevokeClassObject

oleaut32

SysAllocString

comctl32

ImageList_Destroy

oledlg

ord8

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5d6d122de5da229a2368b819f9120b6

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

comdlg32

Sections

.text Size: - Virtual size: 508KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 257KB

.rsrc Size: 104KB - Virtual size: 117KB

.vmp0 Size: - Virtual size: 393KB

.vmp1 Size: 1.8MB - Virtual size: 1.8MB

.text
Size: - Virtual size: 508KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 257KB

.rsrc
Size: 104KB - Virtual size: 117KB

.vmp0
Size: - Virtual size: 393KB

.vmp1
Size: 1.8MB - Virtual size: 1.8MB