44d1ee5a0c72ba4fd25a2d548637f3e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44d1ee5a0c72ba4fd25a2d548637f3e1_JaffaCakes118
Size

141KB
MD5

44d1ee5a0c72ba4fd25a2d548637f3e1
SHA1

1adffc708784fd75065bec6612a849b36b182c0c
SHA256

e83f92a07e84cfa03d542bf1343e709eecfb24b8f4f89b3d45dc6f2304fd56ec
SHA512

79f84d4e8c2027e1bb50e57a6a102cb1a35ef3b26528ec9b3f0fb018ade866f099d19223c3a9f3cb612ee46f3aa1a8266bea8fb6346485d19a04d2cbf3b59a54
SSDEEP

3072:eEPguooxlyJ0ubS3DO3Hx9xGAmctCZa67ZBxBOrPfMT5:eEPbS0ukDO3HFGQk7ZVOjc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44d1ee5a0c72ba4fd25a2d548637f3e1_JaffaCakes118

Files

44d1ee5a0c72ba4fd25a2d548637f3e1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cd2b25ff80795da14bb47886a2883019

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90u

ord2069
ord2100
ord4774
ord580
ord782
ord1248
ord4266
ord2597
ord6355
ord4262
ord6514
ord1250
ord3165
ord6347
ord280
ord1696
ord3741
ord4543
ord2726
ord2595
ord1678
ord2593
ord6579
ord6604
ord6311
ord4131
ord6205
ord6353
ord265
ord6822
ord5778
ord6811
ord1243
ord5767
ord3589
ord4324
ord4967
ord4043
ord589
ord794
ord4211
ord3674
ord1098
ord6482
ord3670
ord4905
ord3115
ord6018
ord5663
ord5680
ord4996
ord4347
ord2447
ord5676
ord5674
ord3217
ord2087
ord4213
ord5830
ord6741
ord5548
ord1048
ord4179
ord6035
ord2206
ord2251
ord4747
ord6803
ord4173
ord6801
ord4423
ord4448
ord813
ord6630
ord1108
ord1137
ord524
ord744
ord5182
ord3515
ord3220
ord285
ord1607
ord4405
ord5979
ord1664
ord6118
ord4044
ord814
ord6119
ord5812
ord1613
ord4668
ord4709
ord3145
ord5177
ord5300
ord6103
ord5809
ord1544
ord962
ord3485
ord5008
ord6760
ord1183
ord811
ord2360
ord4000
ord1938
ord1918
ord2057
ord611
ord3489
ord4681
ord4910
ord4348
ord2891
ord4071
ord4081
ord4080
ord3286
ord2764
ord2893
ord2774
ord3140
ord2966
ord4728
ord3112
ord2983
ord2771
ord5650
ord1727
ord1792
ord2139
ord5625
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord4174
ord6802
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2074
ord5602
ord4652
ord1493
ord4345
ord1751
ord1754
ord6411
ord3355
ord1665
ord2274
ord286
ord639
ord374
ord3794
ord610
ord329
ord1791
ord1357
ord2130
ord4010
ord654
ord266
ord3528
ord799
ord686
ord436
ord693
ord3563
ord3252
ord4658
ord2280
ord1599
ord1314
ord1313
ord6687
ord5632
ord4631
ord5167
ord5324
ord2208
ord1810
ord3577
ord2282
ord4512
ord797
ord595
ord600
ord1809
ord1675
ord3353
ord6408
ord1492
ord5653
ord4682
ord4584
ord4664
ord949
ord296
ord2537
ord909
ord3185
ord1182
ord1272
ord801

msvcr90

__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcscpy
wcscmp
vfwprintf
strcpy
wcsrchr
fclose
fwprintf
_wfopen
strlen
wcsncpy
rand
_time64
memcpy
memset
wcslen
memmove_s
memcpy_s
_wtoi
ceil
free
wcstoul
wcstod
_localtime64_s

kernel32

MultiByteToWideChar
ReadProcessMemory
GetLastError
VirtualAllocEx
GetCurrentProcessId
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateRemoteThread
VirtualFreeEx
CreateEventW
GetSystemDirectoryW
Thread32Next
Thread32First
WriteProcessMemory
GetCurrentProcess
GetModuleFileNameW
Process32NextW
GetPrivateProfileStringW
Process32FirstW
OpenProcess
FreeLibrary
LoadLibraryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetProcAddress
GetModuleHandleW
Module32NextW
CloseHandle
Module32FirstW
CreateToolhelp32Snapshot
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

EnableWindow
GetSystemMetrics
EnumThreadWindows
GetWindowTextW
KillTimer
PostMessageW
ShowWindow
DrawIcon
CreateMenu
IsIconic
SetTimer
LoadIconW
CopyRect
GetClientRect
SetWindowLongW
GetWindowLongW
GetParent
LockWindowUpdate
SendMessageW
GetSysColor
MessageBoxA

comctl32

InitCommonControlsEx

shlwapi

StrCmpIW

oleaut32

VarDateFromStr

wsock32

WSAGetLastError
WSAStartup

Exports

Exports

�y��cڝ�!�� <W�n-_�b��m�8�.�� ]��_��?��Py��pE ��b�Mo�R�w��~&�=��,b�z��f\(��0#��6�/��}1��$��b��!I�Z�`�NT/$��0v�W�9k�P�-8�]��B��d�5��R(6yV8�M�Ǥ�W�%�e��y�j��0J�,��B��ޚ�� T|��d�O~ ��@qΝn3n�㸘���s+�!~�{I"��K�3�Vwz��`0��ߤPӿ�l�Qy�=^0=S��)ތ퇊�)�� Szo��_��A��}*��ݤ5��`�O��;1Cq��o�!��B+�ut�VVùg��/��GP��n�+�K�žD'�>VOj �ʁv: �yp�q1�+"os�.T �-t�V<�p��"_�U"��8��f�w��F��8�m�!�pz%Y��]��z��ğ3.�Է��c�`��17f��=��`��`:�x6��wI�5:$�q�b2@`u��N��ɳ�Y�҇��A�ڴ�Z ��+�ؘk9_K�"з�rD� 2�́�d�~+��aF��'�:�k� �w��7|�v��d5E�O��|Mp�V��Q��B��,K��F�I'rO��ͽ��hs��|�B �-�W��S7w��Z4>��WG�ac�7clb6��gK�x[�Z��d�Y6�\�o�ͽ��<�v��ֹ��r&�M�Y��vCo�$� �EޢK��]jiy��ˁJ��wk��{��K%8ލ-O+#B�G8W�謂��oi&�^^a=��t!L��3�a��0�Tma��L�� s�Y�YYWt؃Y�\|=��"|�º�u��U�۶L��X�F!(�mlù�i��Qcͬ� ��7�s ��!~��W�ʜ��JdT@�dX��c y՛�rD�u}Cf�ap˩�+�/s��,�}1�A��|��p?n��0��CN �#��k��p�8f�9��ԥX1��m�$��c��xt�*�h�U�/3Ѳ��C��4�'��/�F=�E.ea��c[�-��Nk��:(Q��i ��#�T>�Y�θ��S�-]�-��Z�E��Z��#��b�0d9[��/R;"�C��m��p_��H�1��l⎴�,��t�Epɧ�`��S��=�2��$��o��m5��"��.��5B�|��q�I�p8 �R��{z�MǗ�C�� 犴)=�}KY��_��(O��N��\i��1��I2��D*g�(X�?A�H��k�]^�`��}DSc�E!9�a��)��$��&q{O^��)e�67g�:�.�'��l�c[�-hQ��y�xG<��6^Xu32��>ݡ�ف��p��h�y�ό+F��?�2�U� ��2O��wr��?3��>��wٷH��6?�ݫF�S�|`Ot��ƹ�k�'��"�Am�m��Ҥ�P ~��vB1��\�2��Md��3%*�Yt�R�Iz�uqC�1�uD�'��4�r��Fg�N�i�e��28*��p��~��|/��J��*�`� ��R�e��_?��:�f�aHq�šR�k��1��>�\�U�#�j��}��>Š-�V�E��c1(<S�޸��WZM�� Z_��I�Ϙޢ}э䎠��{X�dB*FY۫k��i,��{W��_��E�S�3|�d��>4fA�)�3.�Z�F쓗�F�:��ʉ!״ZO��L�[��vC�=n�.��)Ύ��:�ܒřaߨjI��Ԯ@�|~��S��G��{?��e��a�Y�̃ᦖ�mGa�/ʂ�A��o��)۽��?�8q�� T�.j<1j�G��(#��<�"��&�ecb��KDL�S�!lv�ecful��~��N:��~�F�7ű��+&.Ձ[Md��F��w��[u�Cд�J��rG��2�[�ZD��Ml�f��X<|FM~p�P��V�4Q�_�:��sH�Dj[�pZnW��a^��>/�*u�U2˷CjLW��CC��i�)��Z�� .�&o��C4�.Hs.�jX�*ő6Us8�:@�ֽmy�4 :��J�" ��X�׷��L�ǣ{�wvu�1h�A�^��6]�k u�t�N.7>�Z�^��C�}��x�{�sQ ��5=^�06��(�Ղ��t�?��<Ǟ�Ħ�)�g�ޗjJE�{Td��JY�;��*��q�pqI��Wwz�>#��q+�e�� Δ �^�G�KKam%;�0[X��$��.��z�6V�%�zu3�� n X��)��z:8� *��rn��r!�j�&��ղ�g��j>��A��I��'suw��;��S+mj*#3�+`�"�4��)'��P�󄔃�}!.#��L�̮b�Lh) ��<S�݃��M5��d(��c?X��}*�"�Ɉ�3f��E�02�c_h�2jQ\ M+�^�k?��}1g��[�D��y��0 ��f��!3�zM��Ҷ��^[r�Ό�t�<��(*�pҁ�YPViŀ!)dDN��20Z��,s�MN�D��*��ٙ��;b��.��~n�/��I��e� ��[�6�� %��(�+��94�r�{dv��ج��S��yT�%'�^��S��EK��>��]�LϽ��d�fD�mc��W#�� y��/i��/�i��<��ũȥ��[�i�̓�1 ��mR�|a��M�"��L#N��u��E��'|0��@_�*��/�S��`#E��a�Ǯ��oL��`K��P/��z�_+��w��W��Gq-A�h��A-}�M�

Sections

.text
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd2b25ff80795da14bb47886a2883019

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

comctl32

shlwapi

oleaut32

wsock32

Exports

Exports

Sections

.text Size: - Virtual size: 47KB

.rdata Size: - Virtual size: 19KB

.data Size: - Virtual size: 10KB

.rsrc Size: 24KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 39KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 115KB - Virtual size: 114KB

.reloc Size: 512B - Virtual size: 196B

.text
Size: - Virtual size: 47KB

.rdata
Size: - Virtual size: 19KB

.data
Size: - Virtual size: 10KB

.rsrc
Size: 24KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 39KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 115KB - Virtual size: 114KB

.reloc
Size: 512B - Virtual size: 196B