5f2988ab779dd3ef70914f4d208bf6b9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5f2988ab779dd3ef70914f4d208bf6b9_JaffaCakes118
Size

140KB
MD5

5f2988ab779dd3ef70914f4d208bf6b9
SHA1

66d2309f54c6262ca377e048f04abfa7ba783f80
SHA256

4fb51ca96177d18be97e26591287358e13e868d69c7b2794c8af06568658ab3b
SHA512

195e29f45ec8c003f3f89c81979a3284e2d9914241ec9a07700537d8474a0b6b7bbfbbb8a0402ea7f3742d2d03a069a34dfdcff5dbc7ef16d99f413fee3e1939
SSDEEP

3072:UBqhYZFlRL6eQvAn9RraPEDknMfDISyU4n:3MFlRL6eOMLIS5o

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f2988ab779dd3ef70914f4d208bf6b9_JaffaCakes118

Files

5f2988ab779dd3ef70914f4d208bf6b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b962c64b5b9d1f9870d3dbd874f20d49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

user32

wsprintfA
CharNextA
MessageBoxA

kernel32

InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
HeapFree
Sleep
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
ExitProcess
CreateDirectoryA
SetEnvironmentVariableA
lstrlenA
lstrcpyA
GetWindowsDirectoryA
GetTempPathA
GetCurrentDirectoryA
MoveFileA
CloseHandle
SetFileTime
GetFileTime
GetSystemDirectoryA
WriteFile
CreateFileA
GetTickCount
GetModuleFileNameA
WaitForSingleObject
CreateEventA
GetFileAttributesA
GetShortPathNameA
ExpandEnvironmentStringsA
OpenEventA
SetUnhandledExceptionFilter
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
DeleteFileA
SetFileAttributesA
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
RaiseException
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

msvcrt

_itoa
strcat
strncat
strchr
strcpy
strlen
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
strcmp
__CxxFrameHandler
_CxxThrowException
strncpy
strstr
free
malloc
rand
srand
_ftol
toupper
tolower
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
wcstombs
_strnicmp
_strrev
_strlwr
_stricmp
_except_handler3

netapi32

NetUserGetLocalGroups

Sections

.text
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b962c64b5b9d1f9870d3dbd874f20d49

Headers

File Characteristics

Imports

shlwapi

user32

kernel32

msvcrt

netapi32

Sections

.text Size: - Virtual size: 13KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 164KB

.rsrc Size: 4KB - Virtual size: 4KB

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 128KB - Virtual size: 125KB

.reloc Size: 4KB - Virtual size: 64B

.text
Size: - Virtual size: 13KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 164KB

.rsrc
Size: 4KB - Virtual size: 4KB

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 128KB - Virtual size: 125KB

.reloc
Size: 4KB - Virtual size: 64B