5daedb7a50ffd6bdb2515a37bed8c266_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5daedb7a50ffd6bdb2515a37bed8c266_JaffaCakes118
Size

99KB
MD5

5daedb7a50ffd6bdb2515a37bed8c266
SHA1

c548094c98f4874f649b61f08e79ed4b053d1d9c
SHA256

002218dfeba3bda2b11c2bf68aca6a9fc349aa695815491839e16ae67eab2b92
SHA512

206d0ba7c01530beefa3c6921535c791d933c245300117b56a0cda18e4ae9dcc6bc58e0d6474c97dcd3bdc8bfd6d3788b78d5bcde7d790c185bf77a7f56b9618
SSDEEP

1536:fUpnlrU/rBTprOyNmTJMgwRba9SnX9tEfcp5LTE2f2AxwNuxhgWZ3ejDiZ4TmR8I:qn6/rvOyUwJaktUc/LY02AxPxjemtdlb

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5daedb7a50ffd6bdb2515a37bed8c266_JaffaCakes118

Files

5daedb7a50ffd6bdb2515a37bed8c266_JaffaCakes118
.exe windows:4 windows x86 arch:x86

05c99a19c4085236ab6f6c929f4cd53b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
StrStrA
StrToIntA

user32

PostThreadMessageA
wsprintfA

advapi32

DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService

ole32

CoCreateGuid

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
_exit
__CxxFrameHandler
time
srand
rand
memcpy
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
__getmainargs

kernel32

SetFilePointer
GetModuleFileNameA
DeleteFileA
GetModuleHandleA
GetStartupInfoA
ReadFile
CreateMutexA
GetLastError
GetFileAttributesExA
ReleaseMutex
lstrcpyA
lstrlenA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
WriteFile
GetSystemDirectoryA
lstrcatA
WaitForSingleObject
CloseHandle
GetFileTime
SetFileTime
VirtualProtect

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

wjyl1
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

05c99a19c4085236ab6f6c929f4cd53b

Headers

File Characteristics

Imports

shlwapi

user32

advapi32

ole32

msvcrt

kernel32

Sections

.text Size: - Virtual size: 5KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 7KB

.vmp1 Size: 17KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 544B

wjyl1 Size: 512B - Virtual size: 512B

.text
Size: - Virtual size: 5KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 7KB

.vmp1
Size: 17KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 544B

wjyl1
Size: 512B - Virtual size: 512B