4144e015435e29f499c756334d5b9b48_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4144e015435e29f499c756334d5b9b48_JaffaCakes118
Size

223KB
MD5

4144e015435e29f499c756334d5b9b48
SHA1

76f425e5733bdefa03dc242a0e1bd09d464f7db1
SHA256

d0733b1c34da98f1e37fecefcf4ceaeeeeba85b741a64fa0eafc3160eeb3d269
SHA512

1a58ff4a0cc4561f83c8c917eccc3a3d59e0a3af21eb52a50761015e793536ff045b4e09a9a1a8898f7b5b6ac5c449b437b218313faa135cb61168fe95cb16be
SSDEEP

6144:9k7JuUoee/eKB3lVFIMzm8jqnsCAJ5E95ViK9Vj:O7JPoX/eKHVFICm8ishJ54Tzh

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4144e015435e29f499c756334d5b9b48_JaffaCakes118

Files

4144e015435e29f499c756334d5b9b48_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f8e964c561dfea2738489f86aaa18b55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DestroyWindow
MessageBoxA

msvcr90

_amsg_exit

msvcp90

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

d3d9

Direct3DCreate9

gdi32

DeleteObject

advapi32

RegQueryValueExA

Exports

Exports

-�\��z��7=9"��T�;wT7��J_�]ڀi��9c��H$Ǚ oP�+�2��KW�r=��v 8Jd�M��p�,��>�#%#��*%�ƺv��9��A�4�^��i�0� �y��G�#B1_��;!��0l@$�HX{J��PZ��St/��V�ta+;�t�5nB$LD��e��aR5��)�� U�4�k �@��Guϭ��s��/�UĄ��c'w}��(�X�ol��!{�L��.��w#��U"��DQ�Չ��v�Lx��W��7%?9m�bw)\�w�:��k�P��|0�5@��A��&��b��>�zX��xU�ʍ�V�{��z�?��}�� ))��*6�ͬ��,�KL*�E16�$�w3VI~5ąM��z�l�*/+�P��b\��DFhD�D��C"��+BWO��4�B,j�V�B�hg��zOCP� �3Q��`o7�P�t ��>�F�DT��g_) ��[��R�V��WT~a�른W]��A�ˏ��HR�LI�"��S�� G8 Fr�2�1:�l�� X�jԔ�Y�S��'�*J�-#��W��F��¸��,GD6w{��vb�@��2��v_��QС�˚��8�Yh+N9n�a5�K>�W��W��{BȢ|K8!E_]�-��l��D��!�l��Y�T��%/�<��t��IL��£!��z�/��*E7Wv ��c4M0�g�M�D��|˵��B��њ=��NB�Q��ĺ<�" ��:��Ac[G�݅!�o�m��|3s��K��ʩ�7JE9"�>y3~q_�8�Df�Z�>e��Z��謈ך}��7W��Nɡʎ��L�5. ��lʇzY5iyU�-��L�+��9�G�!s��X�� 8sP�K}�N��U�P�I� ��r3f#�)X��?E��h�IIO[d��ﰶ�C��9.!l��:=R� �{��Q�wjo�#��R%��A�6�z��n9 Hb��K$6��7;�5g��y3�m�3��4�T7��ر<��6�҃�� j��-��}��j��~M��:�-S �L��.!y�*�| ��(A��-�_յB��dzx�z8�_sw�'��j�6�ַ=��<��U:� ��tm~U��wc).��{��s�Z��xy#�aDI�IM�6|��}G�F��ż��a�i��\��X�nA�<��a'�;"�="�Y�Z��eٔ�M�A��c��=��2�n\�Ĵ4䩉z��|fI�� D+��I��CY��itI��W��1xȉG�s7��8l��R��D��Bk&x��~.ܑ%@:�uz[��p�u��(G}�i�l1�aCT�Y��:�h��G�� eIn��$��x��u O.�S��ʠ��۔��x�(�9U��3)~�}id��۸3-L��-�PI^��BS�P�7�!_��X�Iߒ笟vo�]�haC�H��Rh�zs�Q�<f�_��@��n��n2�Dt��A��>z�'9�|�<�H�B��]�ia<��N�|�B�C,Q��/3��-��@Z, �]��Љ�Q&%�T��DZ�-��pjS8��&<�M�R!��:��tol?��9F�z'7�{�+o��H�Ϊ�� [�\�O��BD��w�Sx�!��x5y��^�� O�]\e�<׏��k�1�^wI�T�Ny��5�YP��U�\eo*!T��W�t��E�Ffp=��3�0�P�E�+�)(��bN�&o��F��ԟ:F�b`8�#�!�Qn~ ��Ht�[�n�1#W#�ȓjKG��m��\S��p�GV�`h$��2�&L5�M��x��z.�BU��)?��\��l�2@��[(ڏr�� 5^�e"�$Q��y�( ��~�-��wQ�Y�o�;�"�z��s�!�z��rZG��[��s��c�eд�ю�|�=�@�/��A"��l��BN�:��4�^��K��)I(r��0:��C^ E� Ñ��_u�j�/d�3[��ķ��g��[��ÿ�0�� GʅH<��dJ�ηL0w��#�@��73�T��n7��e�2ҳ�2�(�`�T��.kn ��á��N`?��Aߞ?C �ks��E�6�N�uw�-��Ї?��9I6��j��ܺ��3�(xf��4j��Z��<X�Fފ��3��,�V1\캇�ϣ��P��m3��ph�s*,S��X�p�/G�MޖݕR��c��ݺ6�(~�5�2�� (x�_>v�܋��u6�ψ�5D�F�W��r; %�K+ ./�>=��x[��%D��g&�RE}��28I�7�LsZ��Bg�_�DK�Q"4�P��K��l�>��]8�� ty�x%��S@bڽ��b��]xd�̨`j��o��L^ :�m�/�(��_y�a�_��d�.;�P�no;�y3Ռ�G�돁⑮tz��Q��ǥmN[�z��0@��ו��'X`��A��}��,JO]�{]K�R�9�Wd��`��V��n,�7e[˸J��{"pM�ֈ��6a�1w)�<fP�q��#��,QKm��B��7n �<41�i�}&�9��_��]F�(��SK=��C��7d��`�e�d��?Y��S�C_گ��8��T�G15�3�箣�ffS�8fhT��"Q�bJu��J_�(K�c��v�0�<��*�5*��M ue��K�~��G��dR"��Д��6�\� �e/��r��c��#��~۟@# ��1�;��n�ryA��K�t�� i0r�

Sections

.text
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8e964c561dfea2738489f86aaa18b55

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr90

msvcp90

d3d9

gdi32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 116KB

.rdata Size: - Virtual size: 65KB

.data Size: - Virtual size: 55KB

.rsrc Size: 1024B - Virtual size: 688B

.vmp0 Size: - Virtual size: 19KB

.vmp1 Size: - Virtual size: 79KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 220KB - Virtual size: 220KB

.reloc Size: 512B - Virtual size: 168B

.text
Size: - Virtual size: 116KB

.rdata
Size: - Virtual size: 65KB

.data
Size: - Virtual size: 55KB

.rsrc
Size: 1024B - Virtual size: 688B

.vmp0
Size: - Virtual size: 19KB

.vmp1
Size: - Virtual size: 79KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 220KB - Virtual size: 220KB

.reloc
Size: 512B - Virtual size: 168B