4d338cf52a699361b4d845ab5244f496_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d338cf52a699361b4d845ab5244f496_JaffaCakes118
Size

212KB
MD5

4d338cf52a699361b4d845ab5244f496
SHA1

c97cad2ff7134d0ed2ae47a81220d92ba25efab7
SHA256

e4e3d41724ca8ad71de336637558bfae68ade1f289794993c2896aefcb1c34df
SHA512

05256e0d11bcfd5e2934f57e0cfaa25962da31bb5a289bf541ad420f9c52e51442a51b563e6126b002be834ba6f5b89b660909e64b80484916dfa0151de646d8
SSDEEP

6144:stTkUD1pEsNHwnUOflKXIuxRrayNNrX8ljBvuKg6i:wvpEqHwnUOtKXDxRrhNrMDO1

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d338cf52a699361b4d845ab5244f496_JaffaCakes118

Files

4d338cf52a699361b4d845ab5244f496_JaffaCakes118
.dll windows:4 windows x86 arch:x86

89a724b3095d6afaa19d03a5c87bf6bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

shlwapi

SHDeleteKeyA

msvcrt

wcstombs

winmm

waveOutOpen

ws2_32

WSAStartup

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

imm32

ImmGetCompositionStringA

wininet

InternetOpenUrlA

avicap32

capGetDriverDescriptionA

msvfw32

ICSeqCompressFrame

psapi

EnumProcessModules

wtsapi32

WTSFreeMemory

user32

MessageBoxA

Exports

Exports

ServiceMain

Sections

.text
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89a724b3095d6afaa19d03a5c87bf6bd

Headers

File Characteristics

Imports

kernel32

shlwapi

msvcrt

winmm

ws2_32

msvcp60

imm32

wininet

avicap32

msvfw32

psapi

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 83KB

.data Size: - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 992B

.vmp0 Size: - Virtual size: 5KB

.vmp1 Size: - Virtual size: 118KB

.vmp2 Size: 209KB - Virtual size: 209KB

.reloc Size: 512B - Virtual size: 104B

.text
Size: - Virtual size: 83KB

.data
Size: - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 992B

.vmp0
Size: - Virtual size: 5KB

.vmp1
Size: - Virtual size: 118KB

.vmp2
Size: 209KB - Virtual size: 209KB

.reloc
Size: 512B - Virtual size: 104B