65fd413c76697dd01c2f76f673dc5aa3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

65fd413c76697dd01c2f76f673dc5aa3_JaffaCakes118
Size

920KB
MD5

65fd413c76697dd01c2f76f673dc5aa3
SHA1

0ca3cf4879ef86a956822cfae9fabd219b2f0aee
SHA256

ae48c76ddbc7be8b35247ac533e3dfc3f4766ec0d1c5be988ba19e1e5ae4fbd2
SHA512

54eab8e8ee73c980e8f573fde5c61f48f40977e92a03bc9b254d5a6eaa898d620b7b5c2a6451f8d2a4776fde5a6628b651b935d7298ef29ccbb29f251e1b240a
SSDEEP

24576:3sok+7wTyRIAxOh7YfY2kqlTLHQiYXMa04E:p7wGRIAxOh7I+G9p4

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65fd413c76697dd01c2f76f673dc5aa3_JaffaCakes118

Files

65fd413c76697dd01c2f76f673dc5aa3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e706f8884e1d0b84c6debb3d3403949d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

uskin

ord2
ord1

kernel32

SetErrorMode
GetTickCount
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetFileTime
GetFileAttributesA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
GlobalFlags
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
lstrcmpA
RaiseException
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
WaitForSingleObject
GetCurrentThreadId
InterlockedDecrement
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetProcessHeap
HeapAlloc
HeapFree
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FreeLibrary
LoadLibraryA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateProcessA
GetModuleHandleA
GetProcAddress
ExitProcess
OpenProcess
TerminateProcess
Process32First
Process32Next
CreateToolhelp32Snapshot
CloseHandle
GetSystemDirectoryA
CreateThread
CompareStringW
CompareStringA
GetCPInfo
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LCMapStringA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatA
PostThreadMessageA
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
SetMenu
TranslateAcceleratorA
ReleaseCapture
LoadCursorA
SetCapture
SetWindowRgn
IsRectEmpty
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamA
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetRectEmpty
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
EqualRect
GetScrollInfo
SetScrollInfo
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
PtInRect
GetWindow
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetMenuStringA
DestroyMenu
wsprintfA
FindWindowA
SetForegroundWindow
LoadIconA
KillTimer
SetTimer
IsIconic
GetSystemMenu
DrawIcon
MessageBoxA
DestroyCursor
GetIconInfo
CreateIconIndirect
PostMessageA
SetCursor
IsMenu
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageA
DrawFocusRect
SetParent
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
FrameRect
OffsetRect
InflateRect
DrawStateA
GetMenuItemInfoA
GetSystemMetrics
SystemParametersInfoA
GetSysColorBrush
GetSysColor
DrawIconEx
DestroyIcon
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
EnableWindow
GetDesktopWindow
ReleaseDC
LockWindowUpdate
GetDCEx
AdjustWindowRectEx
LoadMenuA
GetDC
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
CharUpperA
DeferWindowPos
EndDialog

gdi32

StretchDIBits
GetCharWidthA
CreateFontA
GetBkColor
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
CreateEllipticRgn
LPtoDP
GetTextColor
GetRgnBox
ExcludeClipRect
GetClipBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
MoveToEx
LineTo
CreateCompatibleBitmap
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetTextExtentPoint32W
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
IntersectClipRect

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA
DragFinish
DragQueryFileA
ShellExecuteExA

comctl32

ImageList_GetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_GetImageInfo

shlwapi

PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantChangeType
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
OleCreateFontIndirect
VariantClear

winmm

PlaySoundA

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetOpenUrlA
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA

ws2_32

socket
inet_addr
WSACleanup
WSAGetLastError
WSACancelBlockingCall
WSAStartup
connect
setsockopt
bind
listen
getsockname
ioctlsocket
closesocket
recv
send
select
__WSAFDIsSet
gethostbyname
inet_ntoa

Exports

Exports

y�{=�2Qcm��t�7B��m��^� �Su�ZF��ɷ�Q�*��PlRܭ ,�c��+��K��)�6��\�XS��L��G�<��ڊ_�K��c��2m�܋��A�;y��T猲W��/�m$�7�v]R��W��&��}�$@��_�nh�}�i`�qǫT��&2�[͌�$��sthI��~d�いm!U�'m��3u�ä��m�$e�� gv7�^��p� s�p�TgG��8��I ��!�3F�q˖M~g��O��:ǔ��?��%W3�ܭ��`�o� H��P�6��\T�1d&ZȺ��DA7i�6Z/��mGC�UlF�� 0��-�>x� �=j{��i�C�ͱ�5��Y��W�q�vVj�`�'=;!gz=�d�ɋY-��4��T��s��;�E�E;3��~iU��f�)�}�2��i�Bm�!*��s�Ē��]L2��p�u!%��}q��]?T��Yl�a�A�E5^/�=-i$�M��0�mX�W�r5Ggκ^��K|Tqh�R_?�VC~��W!��ly��Z�� ̠�_��ڒ{��}u��%��K�}캼`R2"��t��{^!gjD��1�H5Z;�i��{i˺�󢜆/��5Վ��v�?��z��8d�2��уv��hmX)��lYy��.�<�P��$7�9B~8 [ԅ�/F�,��ȼݑ�PW7v��Nr�L��R'Me��?뽔%�J��e��HA��??��o2��6�!Iq� ̩�:7��^��F��F��~�̢TD=�SȮ�LY��s_�3t��~�]<̗o�M�}��3�q�ĕ)�P��o3��k;�C09XU�1�"T� isv��X��"�9�HB��ąR��V&�G�P��й��:-��دS��lΖ��lk�H�j~��>j��F�A��{:X�a͑��zh��h��fuH�"ĳ`��D Lz�^Om�Jk�=��3��h�U��*��3hw��pq�U�)y;G��Y`��9x��7e'�<�ft�z��k�D�+�Ռ��6SJ�18+�(�7{�抬 Ŗ��~��2#�|:sJ_�j�I6$Bȥ5��_z]�g p�C�D�*�cW@nh89~ �L'm�O��"3�:v(�i(��0.<��ߴQA�b��g�)z�MC9_��t�r�TYc��s�� rT��\�#�oйG�1�Â2I��fu�t�G�+nlݞCɽ8!>��˶G�%��Z61�!��[]�"d��f{��\J�[��σ�{VG5T� x��C|o�WV�9�fqsM6��p"��ՙ�:g�^�ղz��P̤=`��zG�%��E�L��1R՟Vi�n;~� u�^ �+��)iQ�,j��IŖxZ��6��w,�lC��W�q��\ȍ�?�f~9Y,�dFÈ@$�"Cf�ْ�*��-_�3�,T�.��B(��E�X�^3K (��eA��D��a+�S��>��i#��6�6��LÝWsބ4��(��k 1{bܭe��V�芾멞 ��N��;�QT^�\:�(*�Ɓ�2�w��_hYIG��~1�~+�W?B�%5v5.��FcYι��K֔�y��x�=�9��j�R��N};@�� L#?�L[��pR%v�H%-� �^��O'}��,�/��&Z��h��A(&F|vjւ��^��n��A��D��T��,ܲ��V��Ō�+��"��)��O/٘K�$�z��=�ݒ�}�#4뮂�D(u�?ė��v|��H>�y�Fյ�r��/��D�^pN�㙅�T�q��隠zņZ�X�h�Z}^Z��/Z5��]��l�O�6F�4�vɽ1�b��i[lT3��ն!��#��C-"�h�:��YE��x�߻)�>�%�U�4Q9ś<,��U�� o#��r�KZ}��s��O5vN�xo&d<��~-�ѹ�56��~��3y��'E~|��- ��hثax�SfEeN��ƢL��ɒ�/$e��w�}ղ�ZHXG�x�f3K%OSj�&KM��=�HgRO�p�;\��]RT�&q�VK��)\�z�e��sx��S�$>��N�T��Aש �$g̬c?]�&5�s�I���ޏfAY�FU��h�.�k ��@h�� e��]�Qm��9�C,}X�Ȁ��Yܚxl�gy2 f;!��zQ��2$h� �t�(��i��r��h�:I�ʥ�U_"�x��:�1��?�v��݂w�1�%��B�Bd��I��^q��r�.�.z#�~{�w�v�SIݨ c?��C�2�f�C<�O��nLi�x��U�;IR*�ηrb\;U�:�� k*h�XU��&�M2g�0�?S�/{C�R��N ~A�[��ZĨ�`�մ�VcS@�M��v�7�B��Nn�s�ϝ��ok�@3��<�׻H�I��%1��{$��g0>��$��K��xU�W��ċ� }�#��j�|Ӊ�rg�3oɘϒ&��qh�=��I��Ԯ`��Ai��^�0OdZ?&ڔ�v��9P�e"�,�5hiE�n�]j�c��L��#⇺� _t��~q��t��a��sD��P�~3�?��R��,}��y#N�T��z��,Y��h� T!��Y'��}ށ ��_��Z��c�L0N3g.��$3�)��d=eM� �V'��Տ/��hYh�IW�1�8[��,To��'#��&��uiG�Y�Ά��dvi�f�NNNH��^�^=��EGB� �G�˾M�pwC�ir`��E��=�,�5{&�� %�"jN'a@��M��!"P�ec�[�f�i

Sections

.text
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e706f8884e1d0b84c6debb3d3403949d

Headers

File Characteristics

Imports

uskin

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

wininet

ws2_32

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 292KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 12KB - Virtual size: 34KB

.rsrc Size: 44KB - Virtual size: 40KB

.vmp0 Size: 424KB - Virtual size: 421KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 60KB - Virtual size: 57KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 296KB - Virtual size: 292KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 12KB - Virtual size: 34KB

.rsrc
Size: 44KB - Virtual size: 40KB

.vmp0
Size: 424KB - Virtual size: 421KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 60KB - Virtual size: 57KB

.reloc
Size: 4KB - Virtual size: 2KB