4bca857d1cf43d9db07524944a2781c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bca857d1cf43d9db07524944a2781c8_JaffaCakes118
Size

4.2MB
MD5

4bca857d1cf43d9db07524944a2781c8
SHA1

046c322b95e97654b1e671d8a9ca808f854b703d
SHA256

4929816c9f65c2a0025dcc170fc7283fc7c30fd31c46748dc927715825121b2f
SHA512

b3df4066d8420b5751ea6da862644b49fc9dfb8ca12e8466160055502e676f955995f6b326ed8adf95335fedf2c77c738f3021ee014e051165cad3389fb4ec5b
SSDEEP

49152:wef63E0rP1NDDYBzb0GB9QGWbRJt5LNJb2EzgAuqSj9Xq:wl3E0rPTDDYBzqbRJd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bca857d1cf43d9db07524944a2781c8_JaffaCakes118

Files

4bca857d1cf43d9db07524944a2781c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

658d9488caee27b70234b4fdb1e4c1df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord1

kernel32

CreateToolhelp32Snapshot
GetCurrentProcessId
GetFileSize
GetSystemDirectoryA
FindNextFileA
FindClose
GetComputerNameA
WriteFile
SetFilePointer
GetLocalTime
SuspendThread
ResumeThread
GetCurrentThreadId
CreateDirectoryA
CopyFileA
DeleteCriticalSection
TerminateThread
GetExitCodeThread
WaitForSingleObject
SetThreadPriority
_lwrite
_lclose
_lcreat
CompareFileTime
GlobalFree
GlobalAlloc
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
IsDBCSLeadByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
TerminateProcess
LocalFree
LocalAlloc
GetLastError
SetEndOfFile
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
QueryPerformanceCounter
GetSystemInfo
Module32First
lstrcatA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetFileType
GetStdHandle
SetHandleCount
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
ExitProcess
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
HeapFree
HeapAlloc
RaiseException
VirtualQuery
GetSystemDefaultLangID
GetCurrentProcess
GetModuleHandleA
ResetEvent
CreateEventA
SetEvent
GetModuleFileNameA
FindFirstFileA
CreateFileA
ReadFile
CloseHandle
Module32Next
InitializeCriticalSection
GetCurrentThread
GetTickCount
Sleep
EnterCriticalSection
LeaveCriticalSection
ExitThread
lstrlenA
lstrcmpiA
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetLocaleInfoA
DeleteFileA
OutputDebugStringA
lstrcmpA
VirtualProtect
lstrcpyA
InterlockedExchange
GetACP
GetEnvironmentStringsW
CreateThread
CompareStringA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SendMessageA
SetWindowTextA
DefWindowProcA
PostMessageA
SetForegroundWindow
PostQuitMessage
SetFocus
GetForegroundWindow
ReleaseDC
GetWindowTextA
GetDC
DispatchMessageA
TranslateMessage
PeekMessageA
DrawTextA
SetWindowLongA
ShowCursor
UpdateWindow
ShowWindow
CreateWindowExA
LoadBitmapA
CallWindowProcA
RegisterClassA
LoadCursorA
LoadIconA
GetSystemMetrics
GetClassNameA
EnumWindows
FindWindowA
wsprintfA
CharLowerA
SetTimer
OffsetRect
ClientToScreen
GetClientRect
MessageBoxA
GetWindowRect
GetDesktopWindow
MessageBoxW

gdi32

GetStockObject
CreateDCA
GetObjectA
GetDIBits
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
BitBlt
DeleteDC
TextOutA
CreateFontA
SelectObject
SetBkMode
SetTextColor

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

handes

?DecryptFunc@@YGHPAD0@Z

ddraw

DirectDrawCreate

winmm

mixerSetControlDetails
timeEndPeriod
timeKillEvent
timeSetEvent
timeBeginPeriod
mmioClose
mmioAscend
mmioRead
mmioDescend
mmioOpenA
mmioSeek
mmioSetInfo
mmioAdvance
mmioGetInfo
mixerClose
mixerOpen
mixerGetDevCapsA
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
timeGetTime

shlwapi

PathFileExistsA

wininet

HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable

imm32

ImmSetConversionStatus
ImmGetContext
ImmSetOpenStatus

wsock32

WSACleanup
getsockname
accept
setsockopt
inet_addr
gethostbyname
closesocket
WSAGetLastError
recv
inet_ntoa
htons
send
WSAAsyncSelect
connect
ioctlsocket
socket
WSAStartup

Exports

Exports

SetExtChangeZip
UnZipData
UnZipDataToDirectory
UnZipDataToFile
UnZipFile
ZipData
ZipFile
_CloseD3d@0
_InitD3D@4
_smPlayD3D@24
fcEXP

Sections

.text
Size: 1.7MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 62.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_exp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

KPTTrans
Size: 1024KB - Virtual size: 1024KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_exp
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

658d9488caee27b70234b4fdb1e4c1df

Headers

File Characteristics

Imports

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

handes

ddraw

winmm

shlwapi

wininet

imm32

wsock32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.8MB

.rdata Size: 207KB - Virtual size: 208KB

.data Size: 1.0MB - Virtual size: 62.2MB

.rsrc Size: 163KB - Virtual size: 163KB

_exp Size: 2KB - Virtual size: 4KB

KPTTrans Size: 1024KB - Virtual size: 1024KB

_exp Size: 6KB - Virtual size: 8KB

.vmp0 Size: 16KB - Virtual size: 16KB

.vmp1 Size: 25KB - Virtual size: 25KB

.text
Size: 1.7MB - Virtual size: 1.8MB

.rdata
Size: 207KB - Virtual size: 208KB

.data
Size: 1.0MB - Virtual size: 62.2MB

.rsrc
Size: 163KB - Virtual size: 163KB

_exp
Size: 2KB - Virtual size: 4KB

KPTTrans
Size: 1024KB - Virtual size: 1024KB

_exp
Size: 6KB - Virtual size: 8KB

.vmp0
Size: 16KB - Virtual size: 16KB

.vmp1
Size: 25KB - Virtual size: 25KB