4c3cff35da4ec0f6854bd99bf24db048_JaffaCakes118

General

Target

4c3cff35da4ec0f6854bd99bf24db048_JaffaCakes118
Size

4.2MB
MD5

4c3cff35da4ec0f6854bd99bf24db048
SHA1

0ae7bf97c852c1c5d66745eb6adbec5975a48c9c
SHA256

badb42f4f88aac8efd3f5d3bd3e3aff9ca33f52de3427be43dadea1ef2a0179f
SHA512

4800fd13c2192039414917f0c1f2a2e63d9f78b1c7f09821bbb1cb9da297dda9fb65ae0b964a04d4cbafbca8c5b5748d9983543d403b0af926d8f51219f8839a
SSDEEP

98304:BT4YR3TPAax0QT18wK/G25tYs5b2lIsKnF+eCtEo6bRqsmphM63p:uYR3TYaySfKe25+sV2af+eCtEngFpLp

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c3cff35da4ec0f6854bd99bf24db048_JaffaCakes118

Files

4c3cff35da4ec0f6854bd99bf24db048_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3adf9ec860cacad3b4b713938a49cfd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
Module32Next
Module32First
CreateToolhelp32Snapshot
GetProcAddress
GetModuleFileNameA
CreateMutexA
OpenMutexA
CreateFileA
GetFileSize
ReadFile
GetCurrentProcessId
CloseHandle
GetStartupInfoA
VirtualProtect
GetModuleFileNameA
ExitProcess

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

msvcrt

free
memset
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
realloc

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3adf9ec860cacad3b4b713938a49cfd6

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

user32

Sections

.text Size: - Virtual size: 2KB

.rdata Size: - Virtual size: 968B

.data Size: - Virtual size: 464B

.rsrc Size: 512B - Virtual size: 16B

.vmp0 Size: - Virtual size: 19KB

.vmp1 Size: 45KB - Virtual size: 44KB

.reloc Size: 512B - Virtual size: 160B

.text
Size: - Virtual size: 2KB

.rdata
Size: - Virtual size: 968B

.data
Size: - Virtual size: 464B

.rsrc
Size: 512B - Virtual size: 16B

.vmp0
Size: - Virtual size: 19KB

.vmp1
Size: 45KB - Virtual size: 44KB

.reloc
Size: 512B - Virtual size: 160B