3c4fa8d1fd3ce50f8ba48ff3bd2dbb83_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c4fa8d1fd3ce50f8ba48ff3bd2dbb83_JaffaCakes118
Size

173KB
MD5

3c4fa8d1fd3ce50f8ba48ff3bd2dbb83
SHA1

a362093d8a7dd6d7f0f396d4b80fdb307102984e
SHA256

ec7d982f8e7030bd5a03666134304dfe3095e9c0369320e6b3c4e98e2e43c500
SHA512

931845f13ba25a68a04b59b80c9354603278b3b4963eafe992aded4fe5017ec323b314a175dc98ec0835e1f41ab8357657cda961feefc27e135a4c47e629848e
SSDEEP

3072:6VUyVYcab6XzbERJ1GzNR/bIWxwMVBFeJopIb1pepri1CTMqtzpTfpkN8D17i2Gc:Ry3joJ1EkW3BkJap21CXpTfCN9yLgJef

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c4fa8d1fd3ce50f8ba48ff3bd2dbb83_JaffaCakes118

Files

3c4fa8d1fd3ce50f8ba48ff3bd2dbb83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da8654b1fb0dfbd9e9fc1513d41d2bb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
LoadResource
FindResourceA
SetUnhandledExceptionFilter
Sleep
SizeofResource
GetCommandLineA
GetLocalTime
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
FreeResource
MultiByteToWideChar
GetVersion
CreateRemoteThread
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
lstrcpyA
lstrcatA
GetCurrentThread
GetProcAddress
ResumeThread
GetWindowsDirectoryA
MoveFileExA
CopyFileA
DeleteFileA
GetCurrentProcessId
FreeLibrary
GetCurrentProcess
ExitProcess
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
ReleaseMutex
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetMessageA
GetInputState
MessageBoxA

advapi32

LockServiceDatabase
UnlockServiceDatabase
StartServiceA
CloseServiceHandle
LookupPrivilegeValueA
OpenServiceA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
EqualSid
GetAce
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
GetUserNameA

msvcrt

_XcptFilter
_except_handler3
??3@YAXPAX@Z
strncmp
strtoul
isdigit
exit
??2@YAPAXI@Z
strstr
_exit
_strlwr
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

netapi32

NetApiBufferFree
NetUserGetLocalGroups

Sections

.text
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da8654b1fb0dfbd9e9fc1513d41d2bb7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: - Virtual size: 7KB

.rdata Size: - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 124KB

.vmp0 Size: - Virtual size: 14KB

.vmp1 Size: 170KB - Virtual size: 169KB

.reloc Size: 512B - Virtual size: 108B

.text
Size: - Virtual size: 7KB

.rdata
Size: - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 124KB

.vmp0
Size: - Virtual size: 14KB

.vmp1
Size: 170KB - Virtual size: 169KB

.reloc
Size: 512B - Virtual size: 108B