490f16c4187bdbcb87cab7dc2e7e7a78_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

490f16c4187bdbcb87cab7dc2e7e7a78_JaffaCakes118
Size

37KB
MD5

490f16c4187bdbcb87cab7dc2e7e7a78
SHA1

0cb455c882d30b33aedf0d9ae1bba9893058e53a
SHA256

9f610d3b0755f6addf3859c99499d6fa5df4e1b5b6c96ae1727780c4be19cab6
SHA512

73d93cf595978631c5a718cc8d1e95a2777bee328b74c47456cdde50ad31fa859473adf07f9e07152848662b1faf14dd22ee66389c24f4367a978ee5cb75d0b5
SSDEEP

768:/NHdie4gwzYmnPZOx+fkXJOV23fKj8/0AeMl1KY2Crvw37:/nT4b8fx+8wV2voGeMeYn7

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
490f16c4187bdbcb87cab7dc2e7e7a78_JaffaCakes118

Files

490f16c4187bdbcb87cab7dc2e7e7a78_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc2f4530432ac96b7c85fdfb8b4d5475

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
setsockopt
htonl
sendto
inet_addr
gethostbyname
recv
WSACleanup
WSAGetLastError
closesocket
WSAStartup
socket
htons
connect
send
WSAAsyncSelect

kernel32

GetModuleHandleA
GetProcessHeap
FreeLibrary
GetStartupInfoA
GetProcAddress
LoadLibraryA
GetTickCount
SetFileAttributesA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetSystemDirectoryA
CloseHandle
ExitProcess
CopyFileA
Sleep
DeleteFileA
CreateThread
MoveFileExA
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
GetCurrentProcessId
HeapAlloc
VirtualProtect

user32

wsprintfA
DefWindowProcA
ExitWindowsEx
PostQuitMessage
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

LookupPrivilegeValueA
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
OpenProcessToken
AdjustTokenPrivileges

msvcrt

_exit
_onexit
__dllonexit
malloc
sprintf
printf
__CxxFrameHandler
_XcptFilter
strcspn
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
exit
_acmdln
__setusermatherr
_initterm
strstr
_strlwr
_itoa
rand
strncpy
??2@YAPAXI@Z
_stricmp
atoi
__getmainargs

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc2f4530432ac96b7c85fdfb8b4d5475

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcrt

msvcp60

Sections

.text Size: - Virtual size: 11KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 36KB - Virtual size: 35KB

.text
Size: - Virtual size: 11KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 36KB - Virtual size: 35KB