468f129d2ae291d6a34dbc5d0339052d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

468f129d2ae291d6a34dbc5d0339052d_JaffaCakes118
Size

395KB
MD5

468f129d2ae291d6a34dbc5d0339052d
SHA1

dfdd83e156bdeecc623c36f8c5f07b777e151e11
SHA256

229f92121cfdf7d84daf2fcbc63998132d973370441b521d3f1ce5a34551fb66
SHA512

366a1729016e082f5016f00eaac98c32c444e7a12373117e3cd28b82f0a2168b7618966f29cfb859616dbeb5ea59d9be577a4a6bd36cb34231a366e7120a1158
SSDEEP

6144:c5S+Nb9h7FiY3Q+vnGKwRSJo+brRzvT4qC3Qx/JyHqvkHCNRRCoa:cbD7F93QOGlSJo+3RjTfZLyH8z3ha

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

468f129d2ae291d6a34dbc5d0339052d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ba5f1512fd613a053a90bf0581de4d80

Code Sign

73:ca:96:9b:2e:86:71:63:b2:f1:c7:e0:48:ce:23:8e
Certificate

Issuer

CN=Microsoft Corporation

Not Before

19/11/2010, 08:37

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:b7:7f:83:7b:7e:44:ea:2e:47:2b:38:ad:ec:e2:3c:53:d9:b6:b4
Signer

Actual PE Digest

e9:b7:7f:83:7b:7e:44:ea:2e:47:2b:38:ad:ec:e2:3c:53:d9:b6:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDlgItem
MessageBoxA

advapi32

RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoUninitialize

oleaut32

VariantInit

htmlayout

HTMLayoutDataReady

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba5f1512fd613a053a90bf0581de4d80

Code Sign

73:ca:96:9b:2e:86:71:63:b2:f1:c7:e0:48:ce:23:8eCertificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

e9:b7:7f:83:7b:7e:44:ea:2e:47:2b:38:ad:ec:e2:3c:53:d9:b6:b4Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

htmlayout

iphlpapi

wininet

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 6KB

.vmp0 Size: 104KB - Virtual size: 102KB

.vmp1 Size: 56KB - Virtual size: 55KB

73:ca:96:9b:2e:86:71:63:b2:f1:c7:e0:48:ce:23:8e
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

e9:b7:7f:83:7b:7e:44:ea:2e:47:2b:38:ad:ec:e2:3c:53:d9:b6:b4
Signer

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 6KB

.vmp0
Size: 104KB - Virtual size: 102KB

.vmp1
Size: 56KB - Virtual size: 55KB