5e03ee59ae1abaf636404be0e25bd316_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5e03ee59ae1abaf636404be0e25bd316_JaffaCakes118
Size

1.4MB
MD5

5e03ee59ae1abaf636404be0e25bd316
SHA1

317a83f38567d5d3df5b5a863f34bb58990e6619
SHA256

42b1b34b36ac6361479cdb31e044121c0d04b3fc5242679ef06a0053e916657f
SHA512

0432e6758ea42e4accef88bb8d5cf5b3d1635bddfcec6b7d33b9257031c7fdfe0d6cd6f36b86c49e31b7daedff77809e52af8a7d005b6b2bc6f2494c7dc374cb
SSDEEP

24576:qkmbO6l3LNs6ME9FQm9CAIw1bN/yXqSXXxY3HrRq6hvEzjjLtI5cw6U0ib:gbOQBsfGQQWw1b1yXqUMRq66nTU9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e03ee59ae1abaf636404be0e25bd316_JaffaCakes118

Files

5e03ee59ae1abaf636404be0e25bd316_JaffaCakes118
.exe windows:4 windows x86 arch:x86

01b5c631122fdf8a05a17c10ea40a934

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

GetTickCount
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TabbedTextOutA
MessageBoxA

gdi32

RoundRect

winmm

waveOutPrepareHeader

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

OleInitialize

oleaut32

VariantChangeType

comctl32

ord17

oledlg

ord8

ws2_32

getpeername

wininet

HttpSendRequestA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01b5c631122fdf8a05a17c10ea40a934

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 620KB

.rdata Size: - Virtual size: 675KB

.data Size: - Virtual size: 324KB

.rsrc Size: 164KB - Virtual size: 177KB

.vmp0 Size: - Virtual size: 461KB

.vmp1 Size: 1.3MB - Virtual size: 1.3MB

.text
Size: - Virtual size: 620KB

.rdata
Size: - Virtual size: 675KB

.data
Size: - Virtual size: 324KB

.rsrc
Size: 164KB - Virtual size: 177KB

.vmp0
Size: - Virtual size: 461KB

.vmp1
Size: 1.3MB - Virtual size: 1.3MB