711f76e97a68202b8101a8bc41813e8f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

711f76e97a68202b8101a8bc41813e8f_JaffaCakes118
Size

340KB
MD5

711f76e97a68202b8101a8bc41813e8f
SHA1

d4eff1caeb846432ba2697398766db6bd8cc6d40
SHA256

4b2e38abdce0c407d0dd87ecb53473c23734618119822ef1822463b81777f3ce
SHA512

79d64fd53fdae0a8260577bcffbebce00dc149364d1523f63a97ebcfb5198b73f88a1429d3833004c4b61febadc5deae4cfe7dc2c4705f5685254c78f5bb4e97
SSDEEP

6144:zRt1YCVPZ6KKiTc4ZEXSfNZYnhigFXyllslV7fa0G7Gn:NzY26KxkSlZYnhiwXklslV7g6

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
711f76e97a68202b8101a8bc41813e8f_JaffaCakes118

Files

711f76e97a68202b8101a8bc41813e8f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a04a748c0f4ba61d8699b9d5c49e4eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
Process32Next
GetModuleFileNameA
GetCommandLineA
WritePrivateProfileStringA
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
WriteFile
DeleteFileA
IsBadReadPtr
HeapFree
UnhandledExceptionFilter
FileTimeToSystemTime
Sleep
GetTimeZoneInformation
SetLastError
InterlockedIncrement
InterlockedDecrement
GetLastError
EnterCriticalSection
lstrcpyA
FreeLibrary
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
DuplicateHandle
HeapReAlloc
ReadFile
CloseHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetProcAddress
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
lstrcmpiA
GetFileAttributesA
GetFileSize
GetFileTime
lstrcmpA
WaitForSingleObject
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
LCMapStringW
TerminateProcess
GetFileType
SetStdHandle
HeapSize
GetACP
GetLocalTime
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersion
lstrcatA
SetErrorMode
HeapAlloc
ExitProcess
GetProcessHeap
LocalAlloc
GetCurrentThreadId
LocalFree
lstrcpynA
RtlMoveMemory
GetModuleHandleA
SetWaitableTimer
CreateWaitableTimerA
Module32First
GetCurrentProcess
lstrlenA
TlsGetValue
LocalReAlloc
TlsSetValue
GetSystemDirectoryA
Process32First
CreateToolhelp32Snapshot
SetFilePointer
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

SetWindowPos
GetWindowLongA
CopyIcon
CopyImage
LoadIconA
SetWindowLongA
MsgWaitForMultipleObjects
SetLayeredWindowAttributes
GetForegroundWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
KillTimer
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
RegisterClassExA
GetClassInfoExA
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
MoveWindow
ScreenToClient
GetParent
UpdateWindow
ValidateRect
InvalidateRect
GetWindowRect
GetFocus
SetFocus
GetClassNameA
IsWindow
GetDlgItem
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
UnhookWindowsHookEx
DestroyIcon
TrackMouseEvent
SetCursor
DefMDIChildProcA
DestroyWindow
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
PtInRect
LoadCursorA
GetSysColorBrush
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
MapWindowPoints
AdjustWindowRectEx
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetDlgCtrlID
GetMessagePos
GetWindow
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
LoadStringA
UnregisterClassA
CopyRect
GetKeyState
CharUpperA
GetMessageTime
EndDialog
GetClientRect
DefWindowProcA
SendMessageA
EndPaint
BeginPaint
CallWindowProcA
GetAsyncKeyState
SetTimer
MessageBoxA

gdi32

SetTextColor
CreateRoundRectRgn
CreatePatternBrush
CreateSolidBrush
StretchBlt
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
DeleteObject
SetBkColor
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC

shell32

DragFinish
DragQueryFileA
DragAcceptFiles
Shell_NotifyIconA
ShellExecuteA
StrCmpNIA

atl

ord47
ord42

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

VarR8FromBool
OleLoadPicture
VarR8FromCy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

shlwapi

PathFileExistsA

winmm

PlaySoundA

rasapi32

RasDialA
RasHangUpA
RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA
RasGetConnectStatusA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

wsock32

gethostname
WSACleanup
WSAStartup
ioctlsocket
gethostbyname
WSASetLastError
socket
setsockopt
select
closesocket
recv
send
connect
htons

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetConnectA
InternetSetOptionA
InternetCloseHandle
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetFindNextFileA
FtpFindFirstFileA
InternetReadFile
InternetOpenA
FtpRemoveDirectoryA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

Sections

.text
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 304KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a04a748c0f4ba61d8699b9d5c49e4eb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

atl

ole32

oleaut32

shlwapi

winmm

rasapi32

comdlg32

winspool.drv

comctl32

wsock32

wininet

Sections

.text Size: - Virtual size: 228KB

.rdata Size: - Virtual size: 30KB

.data Size: - Virtual size: 278KB

.rsrc Size: 28KB - Virtual size: 25KB

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 304KB - Virtual size: 300KB

.reloc Size: 4KB - Virtual size: 72B

.text
Size: - Virtual size: 228KB

.rdata
Size: - Virtual size: 30KB

.data
Size: - Virtual size: 278KB

.rsrc
Size: 28KB - Virtual size: 25KB

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 304KB - Virtual size: 300KB

.reloc
Size: 4KB - Virtual size: 72B