3e96304259e0977edef78f2e4609e23e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e96304259e0977edef78f2e4609e23e_JaffaCakes118
Size

47KB
MD5

3e96304259e0977edef78f2e4609e23e
SHA1

bb76cbd961a22a9e3aebca1379468df2a6152cd8
SHA256

418952478a96c44af7b522d0413e0f202bcd30df88694231f7b1ee4dab303b4c
SHA512

1e4a3b8c8d453d87f68d3c0a0ce38e3b7480303d6c10d2fd5d652ecf4c813b6e711ac135c1af16e11f076bb7cbad71db4011b6bbedf6b596174c7aaaf7e7e49c
SSDEEP

768:A/PgufEhnBhkyGTaiYYCXkdsk8oZtOI7/hlscOZLmNgja4TjUk7u9PtR0+b:A/HcnBVGTaiYXU8AOgDsc0ygR9Cf0+b

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e96304259e0977edef78f2e4609e23e_JaffaCakes118

Files

3e96304259e0977edef78f2e4609e23e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50b5550392d6403de178035b0469ca46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
lstrcpyW
DeleteCriticalSection
Sleep
VirtualProtect

shell32

Shell_NotifyIconA

mpr

WNetOpenEnumA

advapi32

StartServiceA
ReportEventA
SetSecurityInfo
RegQueryValueExA

user32

GetKeyboardType
CreateWindowExA

version

VerQueryValueA

wsock32

WSACleanup

winmm

waveOutWrite

avicap32

capCreateCaptureWindowA

wininet

InternetReadFile

msacm32

acmFormatChooseA

gdi32

UnrealizeObject

ws2_32

WSAIoctl

oleaut32

SafeArrayPtrOfIndex
SysFreeString

comctl32

ImageList_SetIconSize

Sections

nsp0
Size: - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nsp1
Size: 6KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RPCrypt
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50b5550392d6403de178035b0469ca46

Headers

File Characteristics

Imports

kernel32

shell32

mpr

advapi32

user32

version

wsock32

winmm

avicap32

wininet

msacm32

gdi32

ws2_32

oleaut32

comctl32

Sections

nsp0 Size: - Virtual size: 796KB

nsp1 Size: 6KB - Virtual size: 279KB

.RPCrypt Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 2KB

.vmp1 Size: 39KB - Virtual size: 38KB

.reloc Size: 1024B - Virtual size: 528B

nsp0
Size: - Virtual size: 796KB

nsp1
Size: 6KB - Virtual size: 279KB

.RPCrypt
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 2KB

.vmp1
Size: 39KB - Virtual size: 38KB

.reloc
Size: 1024B - Virtual size: 528B