5ca956e54e18d73fe0d646e3fbf2d93c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ca956e54e18d73fe0d646e3fbf2d93c_JaffaCakes118
Size

70KB
MD5

5ca956e54e18d73fe0d646e3fbf2d93c
SHA1

6ca8c6b213466429e0d261b0d78b06b44b0d765c
SHA256

1c1a74a570103522c2b07ff4ef18c430fe57ab83f999d1b5f20528ed46afc98c
SHA512

c1c3ebf61e70aaea19d943b2d077fa78bdabda8379f3a20081a14ebaabea66bb7b2f5e82e5fedc69050ccf918fad764f93bd14532ac2378179aaaef0826824f7
SSDEEP

1536:kIJPp/wLIde33cZ8vqUFJuqraSDwqfAq6bqRCuVZn0FQe:cX33QgSqrxl4q6ZO0Oe

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ca956e54e18d73fe0d646e3fbf2d93c_JaffaCakes118

Files

5ca956e54e18d73fe0d646e3fbf2d93c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2754f246939c7dbac6f00f4903db1755

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
CreateToolhelp32Snapshot
GetProcessHeap
HeapAlloc
GetModuleFileNameA
Process32Next
lstrcmpiA
Process32First
WriteFile
WideCharToMultiByte
MultiByteToWideChar
lstrcatA
GetTickCount
FindClose
FindFirstFileA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetTempPathA
GetWindowsDirectoryA
ReleaseMutex
GetLastError
CreateMutexA
FreeLibrary
GetSystemDirectoryA
GetFileAttributesA
MoveFileExA
Sleep
DeleteFileA
lstrcpynA
ReadProcessMemory
SetThreadPriority
CreateThread
DeviceIoControl
TerminateThread
CopyFileA
GlobalAlloc
GlobalFree
SetEndOfFile
TerminateProcess
VirtualAlloc
VirtualFree
GetCurrentProcess
VirtualProtect
IsBadReadPtr
GetModuleHandleA
CreateFileA
ReadFile
SetFilePointer
CloseHandle
GetFileSize
LoadLibraryA
lstrlenA
GetProcAddress

user32

GetForegroundWindow
GetClassNameW
GetWindow
GetWindowTextA
wsprintfA
PostMessageA
FindWindowA

gdi32

DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA

advapi32

SetSecurityDescriptorDacl
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor

msvcrt

__dllonexit
memcmp
_strdup
_strcmpi
_strupr
strncmp
_onexit
strcat
strrchr
strcpy
free
_stricmp
strncpy
memset
strlen
malloc
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
_except_handler3
_itoa
strstr
_strlwr
wcscat
wcscpy
wcslen
sprintf
isspace
strchr
_vsnprintf
realloc
isdigit
isalpha
atoi
wcscmp
mbstowcs
wcsncat
wcsstr
exit
rand
srand

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

wsock32

socket
htons
shutdown
connect
recv
closesocket
gethostbyname
WSAStartup
send

psapi

GetModuleFileNameExA
EnumProcessModules

gdiplus

GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile

Exports

Exports

pfjaoidjglkajd

Sections

.bss
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2754f246939c7dbac6f00f4903db1755

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

msvcp60

wsock32

psapi

gdiplus

Exports

Exports

Sections

.bss Size: - Virtual size: 2.0MB

.data Size: 46KB - Virtual size: 46KB

.CRT Size: 512B - Virtual size: 8B

.vmp0 Size: 8KB - Virtual size: 7KB

.vmp1 Size: 11KB - Virtual size: 10KB

.reloc Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2.0MB

.data
Size: 46KB - Virtual size: 46KB

.CRT
Size: 512B - Virtual size: 8B

.vmp0
Size: 8KB - Virtual size: 7KB

.vmp1
Size: 11KB - Virtual size: 10KB

.reloc
Size: 2KB - Virtual size: 2KB