669c4ad68ba48918cf4082cc20ab3eb3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

669c4ad68ba48918cf4082cc20ab3eb3_JaffaCakes118
Size

292KB
MD5

669c4ad68ba48918cf4082cc20ab3eb3
SHA1

6863333d35cf8d3b17ef61cf272906d3eb393945
SHA256

29ea7e7c02198bbf0cfc7628f826451b9e8f5d3647951a01c6427a4e5e841bbd
SHA512

7621461637dc6e9f16c7681675e34e6fbc91414c44707870c4dc5817f608e74dfc04ee0b9566bdd1f69691b69c1b0f7d41aa6cf2f3e915b1426ef5a2a1a1b8c3
SSDEEP

6144:agot5CPnk0RYcXsBsSZ3yTVHGL6bkxo7Ye:aR56k0ecvBb

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
669c4ad68ba48918cf4082cc20ab3eb3_JaffaCakes118

Files

669c4ad68ba48918cf4082cc20ab3eb3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a18ace829ac2efe8e6810a9fa0329ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
LoadResource
SizeofResource
GetModuleHandleA
FindResourceA
lstrcpyA
GetModuleFileNameA
GetSystemDirectoryA
GetWindowsDirectoryA
VirtualAlloc
GetProcAddress
GetVersionExA
ReadFile
MoveFileExA
CreateProcessA
FreeLibrary
Sleep
LoadLibraryA
WriteFile
VirtualFree
GetSystemInfo
CloseHandle
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapFree
HeapAlloc
VirtualProtect
GetModuleFileNameA
ExitProcess

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA

user32

MessageBoxA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a18ace829ac2efe8e6810a9fa0329ca0

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 224KB - Virtual size: 223KB

.vmp0 Size: 8KB - Virtual size: 4KB

.vmp1 Size: 8KB - Virtual size: 7KB

.rsrc1 Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 224KB - Virtual size: 223KB

.vmp0
Size: 8KB - Virtual size: 4KB

.vmp1
Size: 8KB - Virtual size: 7KB

.rsrc1
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 1KB