70c22ee49420b0c66ae8cd54040dc4f0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

70c22ee49420b0c66ae8cd54040dc4f0_JaffaCakes118
Size

1.3MB
MD5

70c22ee49420b0c66ae8cd54040dc4f0
SHA1

2fa5da1e8ea35f7771cceb4247a906a72f66039c
SHA256

17c8e75138431701264635a48e3fbcb83fb0751bd944a074a78f24a68af3d297
SHA512

f9d0e87c738718a76fed047d06b41e17f904123484521efc6620745860414dc36dc53180b706f541534a1ce07bad974e09f91c0385253dd5db7fbba8fe83de49
SSDEEP

24576:tZiuiKy+rvOZju7rD/I+QimRMSkjibBNdQrd/+kNimGDdyF:eqR7rD1mR7kGdNDZy

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70c22ee49420b0c66ae8cd54040dc4f0_JaffaCakes118

Files

70c22ee49420b0c66ae8cd54040dc4f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b805d5f544bf8eda3077aa4d7888ed7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

SetClipboardData
MessageBoxA

gdi32

SetStretchBltMode

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

ole32

CreateILockBytesOnHGlobal

oleaut32

LoadTypeLi

comctl32

ImageList_Destroy

oledlg

ord8

ws2_32

recv

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 850KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b805d5f544bf8eda3077aa4d7888ed7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 469KB

.rdata Size: - Virtual size: 850KB

.data Size: - Virtual size: 173KB

.rsrc Size: 12KB - Virtual size: 23KB

.vmp0 Size: - Virtual size: 135KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 160B

.text
Size: - Virtual size: 469KB

.rdata
Size: - Virtual size: 850KB

.data
Size: - Virtual size: 173KB

.rsrc
Size: 12KB - Virtual size: 23KB

.vmp0
Size: - Virtual size: 135KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 160B