4b8297dce4a764cb85b4cc2c0d686ab7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b8297dce4a764cb85b4cc2c0d686ab7_JaffaCakes118
Size

495KB
MD5

4b8297dce4a764cb85b4cc2c0d686ab7
SHA1

04af2ebbeeac0b2620fa8c6ab909c90a14e9003e
SHA256

c98c9a59c5bfbdfd9c63949dbe328580f9cd6bb3367db7f3877fc4a11d6bb467
SHA512

443fe3f8b7aba91ff0d71338546713644467d4e971ad345449536c5c4446bdf80ed46bc486d35d9c8ba90ae1a97d3edcabc04aec6fb6991e28e16b5bad79f3d7
SSDEEP

6144:n6d98EormLEFb6vjj5yuIZrnc6h4L4Z4rF48g1ST/2xeMrMwCh50JpY:6zyEjCx5j+rF48g1STqrF53Y

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

4b8297dce4a764cb85b4cc2c0d686ab7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c3efc89d2cdaa7d2330b884cc4b36b6b

Code Sign

78:1e:bc:be:f5:41:5f:7c:bb:14:14:e9:fa:c0:8d:2f
Certificate

Issuer

CN=Microsoft Corporation

Not Before

22/11/2010, 08:50

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:e6:2e:c1:10:ee:9b:22:fc:92:8a:d1:a3:ce:79:a3:52:de:bc:24
Signer

Actual PE Digest

92:e6:2e:c1:10:ee:9b:22:fc:92:8a:d1:a3:ce:79:a3:52:de:bc:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SendMessageW
MessageBoxA

advapi32

RegEnumKeyExW

shell32

SHGetPathFromIDListW

ole32

CoCreateGuid

htmlayout

ValueStringDataSet

iphlpapi

GetAdaptersInfo

wininet

InternetConnectW

comctl32

ImageList_Draw

Sections

.text
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3efc89d2cdaa7d2330b884cc4b36b6b

Code Sign

78:1e:bc:be:f5:41:5f:7c:bb:14:14:e9:fa:c0:8d:2fCertificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

92:e6:2e:c1:10:ee:9b:22:fc:92:8a:d1:a3:ce:79:a3:52:de:bc:24Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

htmlayout

iphlpapi

wininet

comctl32

Sections

.text Size: 184KB - Virtual size: 182KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 26KB

.vmp0 Size: 128KB - Virtual size: 127KB

.vmp1 Size: 60KB - Virtual size: 59KB

78:1e:bc:be:f5:41:5f:7c:bb:14:14:e9:fa:c0:8d:2f
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

92:e6:2e:c1:10:ee:9b:22:fc:92:8a:d1:a3:ce:79:a3:52:de:bc:24
Signer

.text
Size: 184KB - Virtual size: 182KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 26KB

.vmp0
Size: 128KB - Virtual size: 127KB

.vmp1
Size: 60KB - Virtual size: 59KB