6221808e3cc68c44438e59af7fb0c7fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6221808e3cc68c44438e59af7fb0c7fc_JaffaCakes118
Size

140KB
MD5

6221808e3cc68c44438e59af7fb0c7fc
SHA1

63767734bffdda5a0f58c6c84c34f5c955891654
SHA256

bbc2b2c4112231e24bffb361f0f16ba5fc592ca203811f6e10ed696709f8986e
SHA512

628b85673a45fb32c7b9d4b5ac4a37a830e182bfdbb84c4ee5a04e3007ba0b68bd6c2b045f5fdb3c5f3cac154448aa067316163e0dba89c5603d0faf3d096ef6
SSDEEP

3072:dKp0cFcWZLteTLBWNyXv+QLEoxGZwl6Flz:dDcKkITLBv+WE8GZl7z

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6221808e3cc68c44438e59af7fb0c7fc_JaffaCakes118

Files

6221808e3cc68c44438e59af7fb0c7fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1f4a6017332fb91aa833840927cd16b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

advapi32

RegCreateKeyA
RegCloseKey
RegSetValueExA

kernel32

TlsSetValue
ResumeThread
SetPriorityClass
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
CloseHandle
ExitProcess
GetWindowsDirectoryA
Sleep
lstrlenA
GetTickCount
GetStartupInfoA
GetCommandLineA
GetVersion
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1f4a6017332fb91aa833840927cd16b

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 64KB - Virtual size: 64KB

.vmp0 Size: 20KB - Virtual size: 16KB

.vmp1 Size: 4KB - Virtual size: 256B

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 64KB - Virtual size: 64KB

.vmp0
Size: 20KB - Virtual size: 16KB

.vmp1
Size: 4KB - Virtual size: 256B

.rsrc
Size: 24KB - Virtual size: 24KB