71d84d9db1d83998700d87487af7485d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

71d84d9db1d83998700d87487af7485d_JaffaCakes118
Size

171KB
MD5

71d84d9db1d83998700d87487af7485d
SHA1

8f17f0af9132d08c24ca0a5b6274999070fe3c56
SHA256

054b5d2459ad827f389ecc3be33135e4a2342564a3e395c19609bd3af1c8db04
SHA512

33b680737446d83bca7ca4fbdbc83065f7443b26d1f7d7b6116f7af0eae0b7f3273ecd8688af21a86e88c246c19c074bdc7ad4daf186a1155cc1ee9cce3de273
SSDEEP

3072:Jydiah0J2C4Iz+17nwYDIaEar04FD8SPZyF83C9A97ki6fau2awmJBt:8dQ9fO7wYDI/uFDnkOsHwmJBt

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71d84d9db1d83998700d87487af7485d_JaffaCakes118

Files

71d84d9db1d83998700d87487af7485d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9978c7e8036dd2559853fe61d0ba5eb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ExitWindowsEx
MessageBoxA

gdi32

DeleteObject

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

ws2_32

listen

shlwapi

StrCmpW

psapi

GetModuleFileNameExA

imm32

ImmReleaseContext

avicap32

capCreateCaptureWindowA

winmm

waveInUnprepareHeader

msvcrt

malloc

kernel32

lstrcatW
LoadLibraryA
VirtualProtect
GetModuleFileNameA

Exports

Exports

DoLeiMing
DoMainWork
ServiceMain

Sections

.text
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9978c7e8036dd2559853fe61d0ba5eb1

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

imm32

avicap32

winmm

msvcrt

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 66KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 2KB

Share Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 3KB

.vmp1 Size: - Virtual size: 102KB

.vmp2 Size: 161KB - Virtual size: 161KB

.reloc Size: 512B - Virtual size: 212B

.text
Size: - Virtual size: 66KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 2KB

Share
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 3KB

.vmp1
Size: - Virtual size: 102KB

.vmp2
Size: 161KB - Virtual size: 161KB

.reloc
Size: 512B - Virtual size: 212B