4c75fa5e034c0b8aedd4f2c0baed0e7d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c75fa5e034c0b8aedd4f2c0baed0e7d_JaffaCakes118
Size

294KB
MD5

4c75fa5e034c0b8aedd4f2c0baed0e7d
SHA1

8f35df3bb309bd4017df8a3d19de0dff1b508704
SHA256

8179baf5c023b8239d176a4dd6ad32d38f2d4c77fe55a8e6d3be09e668c8543c
SHA512

6159d45e0e4c4ad1076e2d66ff7a38967c847477a5d2c49da9173b971c119a799d0183bcf4cdd79a41894cca52cfa8ee5965e99ea81a0e3d9a44cacde5d278df
SSDEEP

6144:aixf7qg4+mIErt5An6fotU9C7fJJ4k89qBBbLiXdhi8If1x:dx743rfAn6fotU9CL/rUJ8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c75fa5e034c0b8aedd4f2c0baed0e7d_JaffaCakes118

Files

4c75fa5e034c0b8aedd4f2c0baed0e7d_JaffaCakes118
.exe windows:0 windows x86 arch:x86

6e505b86658e352ee7e56d463c6078ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
TlsSetValue
DeleteCriticalSection
lstrcpyW
LoadLibraryA
VirtualProtect
GetModuleFileNameA

msacm32

acmFormatChooseA

avicap32

capCreateCaptureWindowA

wsock32

WSACleanup

advapi32

SetSecurityInfo
ReportEventA
StartServiceA
RegQueryValueExA

user32

GetKeyboardType
CreateWindowExA
MessageBoxA

oleaut32

SysFreeString
SafeArrayPtrOfIndex

winmm

waveOutWrite

wininet

InternetReadFile

mpr

WNetOpenEnumA

shell32

Shell_NotifyIconA

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

ws2_32

WSAIoctl

Sections

.nsp0
Size: - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 271KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp1
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e505b86658e352ee7e56d463c6078ad

Headers

File Characteristics

Imports

kernel32

msacm32

avicap32

wsock32

advapi32

user32

oleaut32

winmm

wininet

mpr

shell32

version

gdi32

comctl32

ws2_32

Sections

.nsp0 Size: - Virtual size: 820KB

.nsp1 Size: 271KB - Virtual size: 272KB

.nsp2 Size: - Virtual size: 5KB

.vmp0 Size: 6KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 524B

.vmp1 Size: 13KB - Virtual size: 13KB

.reloc Size: 1KB - Virtual size: 1KB

.nsp0
Size: - Virtual size: 820KB

.nsp1
Size: 271KB - Virtual size: 272KB

.nsp2
Size: - Virtual size: 5KB

.vmp0
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 524B

.vmp1
Size: 13KB - Virtual size: 13KB

.reloc
Size: 1KB - Virtual size: 1KB