4c840c2ce470e023d61a9961a0f8e50d_JaffaCakes118

General

Target

4c840c2ce470e023d61a9961a0f8e50d_JaffaCakes118
Size

347KB
MD5

4c840c2ce470e023d61a9961a0f8e50d
SHA1

e579bb18c307f60a60cb1f850def064364f93b08
SHA256

04170c6e46ea21ca7afaeac7b8ce8565c5fd64697606e7c2471c29994009e710
SHA512

7027bc7a6c3531fe71fb396fe721462205256d487d5d57aa86595d2b403752d20666c1cf4dcc1d39e5544899ae6fe5d269bf50c9fadec11b5d5fd108acc1afb7
SSDEEP

6144:dYxJli6CM8sNmGAA1vavp5oauRrRyEJO8KjVaPy9p1X/FyUWeT:uT8sMK1vavp5ohRcENUiyL1N

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c840c2ce470e023d61a9961a0f8e50d_JaffaCakes118

Files

4c840c2ce470e023d61a9961a0f8e50d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

529829516c966ddf12ca69a00787c803

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
Sleep
SetUnhandledExceptionFilter
GetModuleFileNameA
ExpandEnvironmentStringsA
SetLastError
lstrcmpiA
lstrlenA
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
ExitProcess
lstrcatA
GetLastError
GetModuleHandleA
GetStartupInfoA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

PostThreadMessageA
GetInputState
wsprintfA
GetMessageA
MessageBoxA

advapi32

CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA

msvcrt

??1type_info@@UAE@XZ
_controlfp
_except_handler3
strchr
fclose
fwrite
fopen
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
strstr
??3@YAXPAX@Z
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

529829516c966ddf12ca69a00787c803

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: - Virtual size: 5KB

.rsrc Size: 20KB - Virtual size: 292KB

.vmp0 Size: - Virtual size: 17KB

.vmp1 Size: 325KB - Virtual size: 325KB

.reloc Size: 512B - Virtual size: 136B

.text
Size: - Virtual size: 5KB

.rsrc
Size: 20KB - Virtual size: 292KB

.vmp0
Size: - Virtual size: 17KB

.vmp1
Size: 325KB - Virtual size: 325KB

.reloc
Size: 512B - Virtual size: 136B