5ae882a3fbe29df822c7069a3d7e6399_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ae882a3fbe29df822c7069a3d7e6399_JaffaCakes118
Size

332KB
MD5

5ae882a3fbe29df822c7069a3d7e6399
SHA1

2f0bf22c7e734f931f8c52bce4bdb064bdb06378
SHA256

e5cb19c8264374031118f5ddef1a9f0e81612f63b904964cf9027dcfb464bf21
SHA512

3724444117bbe0d82c1fa6533962069f6148f7c18cbabb7f17d0f634c94bd2146f6c99a772ef379f6bbd1f8da7fe3cd815d5b55d8be3da643857aa0c46908897
SSDEEP

6144:FRt1j4qQutdgYPXwUIRo9li3PaBBDSK4gVESmd5rR0+IE4p6N1:jzjCMgYPAlRo9bHDSKKSmDK+IEIQ1

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ae882a3fbe29df822c7069a3d7e6399_JaffaCakes118

Files

5ae882a3fbe29df822c7069a3d7e6399_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5eb9d7eddb7d1bf7dec14dca0b1608e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetModuleFileNameA
GetCommandLineA
WritePrivateProfileStringA
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
WriteFile
DeleteFileA
IsBadReadPtr
HeapFree
UnhandledExceptionFilter
FileTimeToSystemTime
Sleep
GetTimeZoneInformation
SetLastError
InterlockedIncrement
InterlockedDecrement
GetLastError
EnterCriticalSection
lstrcpyA
FreeLibrary
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
HeapReAlloc
DuplicateHandle
GetCurrentProcess
Process32First
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetProcAddress
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
lstrcmpiA
GetFileAttributesA
GetFileSize
GetFileTime
lstrcmpA
WaitForSingleObject
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
LCMapStringW
TerminateProcess
GetFileType
SetStdHandle
HeapSize
GetACP
GetLocalTime
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
HeapAlloc
ExitProcess
GetProcessHeap
LocalAlloc
GetCurrentThreadId
LocalFree
lstrcpynA
RtlMoveMemory
GetModuleHandleA
Module32First
lstrlenA
Process32Next
FileTimeToLocalFileTime
CloseHandle
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
CreateToolhelp32Snapshot
ReadFile
GetSystemDirectoryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetWindowLongA
SetWindowLongA
SetTimer
SetLayeredWindowAttributes
BeginPaint
CallWindowProcA
CopyIcon
CopyImage
GetAsyncKeyState
CallNextHookEx
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
KillTimer
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
RegisterClassExA
GetClassInfoExA
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
ScreenToClient
GetParent
UpdateWindow
ValidateRect
InvalidateRect
GetWindowRect
GetFocus
SetFocus
GetClassNameA
IsWindow
GetDlgItem
GetClassLongA
EndPaint
SetWindowsHookExA
CreateWindowExA
UnhookWindowsHookEx
DestroyIcon
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
PtInRect
LoadCursorA
GetSysColorBrush
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
MapWindowPoints
AdjustWindowRectEx
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetDlgCtrlID
GetMessagePos
GetForegroundWindow
GetWindow
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
LoadStringA
UnregisterClassA
CopyRect
GetKeyState
CharUpperA
GetMessageTime
TrackMouseEvent
SetCursor
DefMDIChildProcA
DestroyWindow
EndDialog
GetClientRect
DefWindowProcA
SendMessageA
LoadIconA
MessageBoxA

gdi32

CreateRoundRectRgn
CreatePatternBrush
CreateSolidBrush
StretchBlt
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
DeleteObject
SetBkColor
GetDeviceCaps
PtVisible
SetTextColor
TextOutA
ExtTextOutA
Escape
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
RectVisible

shell32

ShellExecuteA
DragFinish
Shell_NotifyIconA
DragAcceptFiles
DragQueryFileA
StrCmpNIA

atl

ord42
ord47

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SafeArrayDestroy
VarR8FromCy
VarR8FromBool
OleLoadPicture
VariantClear
SysAllocString
SafeArrayCreate

shlwapi

PathFileExistsA

winmm

PlaySoundA

rasapi32

RasHangUpA
RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA
RasGetConnectStatusA
RasDialA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

wsock32

gethostname
WSACleanup
WSAStartup
select
gethostbyname
WSASetLastError
socket
setsockopt
htons
closesocket
recv
send
connect
ioctlsocket

wininet

FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetConnectA
InternetSetOptionA
InternetCloseHandle
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetFindNextFileA
FtpFindFirstFileA
InternetReadFile
InternetOpenA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

Sections

.text
Size: - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5eb9d7eddb7d1bf7dec14dca0b1608e6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

atl

ole32

oleaut32

shlwapi

winmm

rasapi32

comdlg32

winspool.drv

comctl32

wsock32

wininet

Sections

.text Size: - Virtual size: 227KB

.rdata Size: - Virtual size: 30KB

.data Size: - Virtual size: 277KB

.rsrc Size: 28KB - Virtual size: 25KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 296KB - Virtual size: 293KB

.reloc Size: 4KB - Virtual size: 52B

.text
Size: - Virtual size: 227KB

.rdata
Size: - Virtual size: 30KB

.data
Size: - Virtual size: 277KB

.rsrc
Size: 28KB - Virtual size: 25KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 296KB - Virtual size: 293KB

.reloc
Size: 4KB - Virtual size: 52B