689fafb837ccbe9ecffb0d093750dfa8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

689fafb837ccbe9ecffb0d093750dfa8_JaffaCakes118
Size

1.8MB
MD5

689fafb837ccbe9ecffb0d093750dfa8
SHA1

0d47b2626e736ed5a333e054ccd64c3efb682dd4
SHA256

c41cc7d7bea2ecd77f181fdcfe860b7b83cb5711c1a0fe5774f8cd68196b18a8
SHA512

396599b8dfa3ecfe88f25371fc18fee7aeb740d1a150c48543b6d5000a8dcf133384a540016a8981f2171966650e657c6d2be183ebea6b5402a6af495c0ea643
SSDEEP

49152:QDxU9kSC0R4dH04V6ASy21sFWduqO2x7kPY:eU9kSBRSU4tSycq2VkA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
689fafb837ccbe9ecffb0d093750dfa8_JaffaCakes118

Files

689fafb837ccbe9ecffb0d093750dfa8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4cebde1e693c5d7545ea9bdab008273

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

gdi32

CreateBitmap

winmm

waveOutGetNumDevs

winspool.drv

DocumentPropertiesA

advapi32

RegSetValueExA

shell32

SHGetSpecialFolderPathA

ole32

OleIsCurrentClipboard

oleaut32

SafeArrayGetElemsize

comctl32

ImageList_Destroy

oledlg

ord8

ws2_32

recv

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.8MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4cebde1e693c5d7545ea9bdab008273

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 497KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 210KB

.rsrc Size: 8KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 385KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.8MB - Virtual size: 1.7MB

.text
Size: - Virtual size: 497KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 210KB

.rsrc
Size: 8KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 385KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.8MB - Virtual size: 1.7MB