69c38705fc199cbd000d4fc8ac66d4e1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

69c38705fc199cbd000d4fc8ac66d4e1_JaffaCakes118
Size

888KB
MD5

69c38705fc199cbd000d4fc8ac66d4e1
SHA1

f22af58f0708f65b7af5e57be297d6d65e8eb333
SHA256

6562e544f713c7bb5f2195abef2760d5f0149df3b68e3c7050510fcbc9429e7a
SHA512

48b692ac82d3de149e60777cb1ce757ba332540f4081e020f5fdba2d45d6fd1ed8d9d13347436bf69ef51b77570da330d20a34d7203dba435d2c3877422af15d
SSDEEP

24576:veDx1/vo5elOjz9i4IHpC/WFaYQU5dgaGxU:27voiO0JC/WaYYLG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69c38705fc199cbd000d4fc8ac66d4e1_JaffaCakes118

Files

69c38705fc199cbd000d4fc8ac66d4e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fec303ef09dded2c22f1347e0c082cda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetWindowContextHelpId
MessageBoxA

gdi32

GetObjectA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

comctl32

ord17

oledlg

ord8

ole32

CoRegisterMessageFilter

olepro32

ord253

oleaut32

VariantClear

wininet

InternetReadFile

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 544KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fec303ef09dded2c22f1347e0c082cda

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 20KB - Virtual size: 37KB

.rsrc Size: 36KB - Virtual size: 34KB

.vmp0 Size: 544KB - Virtual size: 540KB

.vmp1 Size: 88KB - Virtual size: 87KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 20KB - Virtual size: 37KB

.rsrc
Size: 36KB - Virtual size: 34KB

.vmp0
Size: 544KB - Virtual size: 540KB

.vmp1
Size: 88KB - Virtual size: 87KB