42037adddd7aa9f12a29d3385f4da97b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42037adddd7aa9f12a29d3385f4da97b_JaffaCakes118
Size

172KB
MD5

42037adddd7aa9f12a29d3385f4da97b
SHA1

06dfc2e8ad4b122bbb8868c51fad60d4fcec7d01
SHA256

ce10f989966c857293870343d4204e2a4ccd04632d79ba122872e0d16f3ab74c
SHA512

09cae598fa3c8970320b7cabf34285b5244fb9bdc4f450a5d46deb23637c24036d7ebd7983ae4ee206f6b0f53515b6cd4eb44f86327d9b094116cd897d7cbf65
SSDEEP

3072:0U+O3yyNPkXi+uqetkfo3xJ8e+WVah3MwE1EgCsL45or28yNjL6Q:0U/5wcxCe+WVahtE2gCsL45orAZ+Q

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42037adddd7aa9f12a29d3385f4da97b_JaffaCakes118

Files

42037adddd7aa9f12a29d3385f4da97b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6f97a4e01162278e360777b21e57392d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_ftol
strncpy
strrchr
__CxxFrameHandler
memcpy
srand
??2@YAPAXI@Z
memmove
rand
strstr
strlen
memset
strchr
malloc
free
_strrev
_strlwr
_strupr
_except_handler3

kernel32

GetTempPathA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
SetFileAttributesA
DeleteFileA
GetFileAttributesA
CreateDirectoryA
GetCurrentProcess
IsBadReadPtr
SetUnhandledExceptionFilter
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetShortPathNameA
GetTickCount
GetLastError
CreateEventA
WaitForSingleObject
Sleep
GetModuleFileNameA
SleepEx
lstrlenA
CreateFileA
GetCurrentThreadId
WriteFile
GetWindowsDirectoryA
GetFileTime
SetFileTime
CloseHandle
MoveFileA
GetModuleHandleA
ExitProcess
LoadLibraryA
GetProcAddress
GetCurrentDirectoryA
VirtualProtect
GetModuleFileNameA
ExitProcess

ws2_32

closesocket
getprotobynumber

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f97a4e01162278e360777b21e57392d

Headers

File Characteristics

Imports

msvcrt

kernel32

ws2_32

user32

Sections

.text Size: - Virtual size: 20KB

.rdata Size: - Virtual size: 13KB

.data Size: - Virtual size: 80KB

.rsrc Size: 28KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 136KB - Virtual size: 132KB

.reloc Size: 4KB - Virtual size: 72B

.text
Size: - Virtual size: 20KB

.rdata
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 80KB

.rsrc
Size: 28KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 136KB - Virtual size: 132KB

.reloc
Size: 4KB - Virtual size: 72B