4c3dc354caecee9f7af5650b4171bfd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c3dc354caecee9f7af5650b4171bfd5_JaffaCakes118
Size

68KB
MD5

4c3dc354caecee9f7af5650b4171bfd5
SHA1

aad4deea1a0758e867ab6ac2c1b3ae3b2b78d41f
SHA256

171432a5c8e58b71712b92dff96c63e14aecc28b69fc66fe0db431e1cde175e8
SHA512

856c6687f178265c9379cc8812d4ac16ab512646614a676c38e5f2fbefbf3f4966e2953abb63b53087c8bd6809600620a56a63f0c1d42777f37c91cde063f449
SSDEEP

768:+mCo0kAfrryXXZcAuk4LgczAXs5L75sGRRzBY3Ov5Iq7SDLkXW7Qjq1uCSd8Aqtq:beQKjHRRRzBY3WIoSDLhb1uT3sk1

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c3dc354caecee9f7af5650b4171bfd5_JaffaCakes118

Files

4c3dc354caecee9f7af5650b4171bfd5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6fb7970d7e177f47d84b91908050cf94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2915
ord2764
ord4129
ord6648
ord537
ord926
ord924
ord922
ord858
ord6663
ord860
ord4278
ord939
ord6877
ord540
ord2818
ord535
ord800
ord1168

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
malloc
srand
time
__CxxFrameHandler
atoi
free
exit
strtok
strstr
printf
rand

kernel32

CreateProcessA
GetCurrentProcess
GetTickCount
CreateThread
GetProcAddress
LoadLibraryA
lstrcpyA
GetComputerNameA
CloseHandle
TerminateThread
ExitThread
GetSystemDirectoryA
Sleep

user32

ExitWindowsEx
MessageBoxA
wsprintfA

advapi32

RegOpenKeyA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA

ws2_32

gethostbyname
sendto
setsockopt
socket
htons
inet_addr
inet_ntoa
WSASocketA
WSAStartup
gethostname
htonl
connect
send
closesocket
recv
WSACleanup
WSAGetLastError
__WSAFDIsSet
select

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fb7970d7e177f47d84b91908050cf94

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 888B

.vmp0 Size: 4KB - Virtual size: 2KB

.vmp1 Size: 16KB - Virtual size: 14KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 888B

.vmp0
Size: 4KB - Virtual size: 2KB

.vmp1
Size: 16KB - Virtual size: 14KB

.reloc
Size: 4KB - Virtual size: 2KB