41816265305f4f3ec057ef9a6f251e1a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

41816265305f4f3ec057ef9a6f251e1a_JaffaCakes118
Size

2.5MB
MD5

41816265305f4f3ec057ef9a6f251e1a
SHA1

5587b7262a6c68de5c827dc9c8a8024e40a7b8a0
SHA256

418687165c81f24fde79b3ce0b23a4f79d3b79e88bdcfc04e76c45c20cd0d77b
SHA512

2c28acaafef674b0d5664333e29abc60369b2a75d98cb0e227b151f7c131f0b0ab6ccc54a9e4c01ca3b978bb7fdb5ff46523dbfc1c70ce30e16086ffb0a0c3e9
SSDEEP

49152:kNvdJ812pITbJFBcEIjRmPI4ATaEDPQeuDlwwp62C2F0G2LCoSQUM:8dJY2QFBcEIjRm9ARbQfDl5w6MUM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41816265305f4f3ec057ef9a6f251e1a_JaffaCakes118

Files

41816265305f4f3ec057ef9a6f251e1a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9cf831ca8aedd107bdd093ea11c9607c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

MessageBoxA
MessageBoxA

gdi32

RealizePalette

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

CreateILockBytesOnHGlobal

oleaut32

VariantClear

comctl32

ord17

oledlg

ord8

ws2_32

closesocket

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cf831ca8aedd107bdd093ea11c9607c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 486KB

.rdata Size: - Virtual size: 2.5MB

.data Size: - Virtual size: 161KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 131KB

.vmp1 Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 4KB - Virtual size: 156B

.text
Size: - Virtual size: 486KB

.rdata
Size: - Virtual size: 2.5MB

.data
Size: - Virtual size: 161KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 131KB

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 4KB - Virtual size: 156B