72a85eea349f7b133e19d73bf110f6c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72a85eea349f7b133e19d73bf110f6c7_JaffaCakes118
Size

396KB
MD5

72a85eea349f7b133e19d73bf110f6c7
SHA1

f233eefa4a72232aefced1848567d00db6908eee
SHA256

8d5ac53136c9298ec404f390b82b046c322445205443dc05831c78b038085474
SHA512

8ec879dfdd7c65509ebf9c32d790509548ba8c2a8bdf5a2ad04f86514adf39fef0e67fc7f6484a8f318a9d804a681643f630ab6b93ee2541b2455ea38af2f4e8
SSDEEP

6144:thtTvMmFJuXpe9JuVVghjkPJ+uJgzVRPRnZrcjxNwya3ZFtH:3ncKJuVVghAPJJgDc4rpf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72a85eea349f7b133e19d73bf110f6c7_JaffaCakes118

Files

72a85eea349f7b133e19d73bf110f6c7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

faf509a01a6c450b079457e673195932

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa
WSAStartup
select
connect
WSAIoctl
getpeername
getsockname
gethostbyname
closesocket
socket
recv
send
gethostname
htons
ntohs
setsockopt
WSACleanup

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

shlwapi

StrCmpIW
StrRChrW
StrStrIW
StrStrW

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

winmm

mixerSetControlDetails
mixerGetNumDevs
mixerGetDevCapsW
mixerGetLineInfoW
mixerClose
mixerGetControlDetailsW
waveInStart
mixerGetLineControlsW
waveOutUnprepareHeader
waveInAddBuffer
waveInOpen
waveInPrepareHeader
waveOutReset
waveOutPrepareHeader
waveOutGetNumDevs
waveOutOpen
mixerOpen
waveInUnprepareHeader
waveOutWrite
waveInClose
waveOutClose
waveInReset
waveInGetNumDevs

psapi

GetModuleFileNameExW
EnumProcessModules

userenv

CreateEnvironmentBlock

kernel32

GetModuleHandleA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
TlsSetValue
LCMapStringW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
SetEvent
GetTickCount
Sleep
CreateEventW
CloseHandle
lstrlenW
WideCharToMultiByte
lstrcpyW
ResetEvent
CancelIo
GetFileSize
FindFirstFileW
SetFilePointer
GetDriveTypeW
SetErrorMode
CreateProcessW
GetLogicalDriveStringsW
CreateDirectoryW
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
lstrcmpW
GetLastError
MoveFileW
FindClose
RemoveDirectoryW
lstrcatW
FindNextFileW
GetDiskFreeSpaceExW
DeleteFileW
LocalFree
GetVolumeInformationW
GetCurrentProcess
TerminateThread
lstrcpynW
GetModuleFileNameW
InterlockedExchange
GetExitCodeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
VirtualQuery
GetLocalTime
CreateFileMappingW
OutputDebugStringW
SetUnhandledExceptionFilter
GetModuleHandleW
FormatMessageW
IsBadWritePtr
FlushFileBuffers
GlobalSize
GlobalLock
InitializeCriticalSection
GlobalAlloc
LeaveCriticalSection
GlobalUnlock
EnterCriticalSection
GlobalFree
DeleteCriticalSection
lstrcmpiW
GetCurrentThreadId
GetCommandLineW
GetEnvironmentVariableW
SetPriorityClass
lstrlenA
GetCurrentThread
SetProcessPriorityBoost
LoadLibraryW
GetVersionExW
GetExitCodeProcess
SetThreadPriority
GetProcAddress
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetShortPathNameW
lstrcpyA
PeekNamedPipe
TerminateProcess
GetStartupInfoW
DisconnectNamedPipe
CreatePipe
ExpandEnvironmentStringsW
OpenProcess
HeapSize
LocalSize
MultiByteToWideChar
GlobalHandle
CreateThread
ExitThread
GetCommandLineA
UnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
RaiseException
GetStdHandle
GetModuleFileNameA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyNameTextW
GetActiveWindow
GetWindowTextW
CallNextHookEx
wvsprintfW
mouse_event
SetClipboardData
SendMessageW
GetSystemMetrics
OpenClipboard
BlockInput
DestroyCursor
EmptyClipboard
SystemParametersInfoW
GetClipboardData
SetCursorPos
WindowFromPoint
LoadCursorW
SetWindowsHookExW
MapVirtualKeyW
CloseClipboard
keybd_event
GetCursorPos
GetDesktopWindow
ReleaseDC
SetRect
GetCursorInfo
GetDC
GetUserObjectInformationW
SetThreadDesktop
CloseDesktop
OpenDesktopW
OpenInputDesktop
PostMessageW
GetThreadDesktop
GetWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
DispatchMessageW
TranslateMessage
GetMessageW
UnhookWindowsHookEx
ExitWindowsEx
CharNextW
wsprintfW
GetClientRect
CreateWindowExW
CloseWindow
SetCapture
MessageBoxA

gdi32

BitBlt
DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

CreateServiceW
AdjustTokenPrivileges
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
FreeSid
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
RegDeleteValueW
QueryServiceStatus
DuplicateTokenEx
StartServiceW
ChangeServiceConfig2W
SetTokenInformation
RegOpenKeyW
CreateProcessAsUserW
RegQueryValueExW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
GetLengthSid
RegQueryValueW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW

shell32

SHChangeNotify
SHGetFileInfoW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString

Exports

Exports

Install
Launch
Q��u�Of��ԡs�(��V<jȏ��3]~��q��`pe�%��q�P�+��:�F��Ė�aLEjx��ҜQOb�fX��ܑȗ��9{q�.��k��"� in��W��t�&u[%�4�+�mS'��eB�)\�l6U�� {H��?��%��>S.��^��>��P��f��#*=\WV;��w�se(�.��q~�)B͂��t=��l��ƌ�|�0�B1��Q��/��M��]{��¯*if$��@��C�%c�S\4 ��&��ڮ��Q�1��t�TT�l=�u��n�y�D��gv7�s;/��k>��˭��d�૴�EEd�.xALQc%��&l��re7h�^��$��k^��/�)>�K�I��Ƌ2T�d�{9��<z�W�)̣ԣ��=/�?U��ސ��ި$s�� 8o2�h+�3�b�'��A�\��c˖�� D� �/�z�5��cx�)�y�Bob�4�X��%"j$9��l ��9��6R�Ғ��K]��x�׿�Q/Z�l1��AC.e��B=��,�O��R}��BP1��.ӌ��6�/z��@�\Ev��;�G�G}��9;xײ��W�>%Cpj�� s�aM�ҶS��nQ{��&��UnZ^�Ҡ6 �\=~��v��Ho��>��1G��d�5CPie!p۟"M]�%nH�s��tAƭ��u��ݓa�� P�P�s�2�*cV֗�@ 2m��,Z`|xr��Qr�l9�h�� c3ʭ*W��Tf�4+VE�5�gDD��D��Ǒ)��z��F&��ى��t&�� z{�)�3�x\>��UcТ(#b.��'� �&x�{╙r} ��L�B}�ѓK��j��ء�a_o��v��r��ʸ��m1ۗZ.Fn*��iT� ؍��hr��X��!x�Ru;o�X+��@Ěq}�P�?�+v��*��:E�5�H]��1vp��BO��7��:��I��BN��5X߁MQ# ��Ŵ��o�T��.D��[��(��^v�P' ��g0fL�=�lW^�])�k�r�X郡<"�yӵJ=͞x�6:��,��3�,l��D��d�6��{S�ҲYr��,�+�p�QMAަ�|��#��[g�E6!c�w��NhTϡs�� S�SoEO��BW��B�*�1��:�׵��*K��hn�܊�@�i�e- �ww��M:&�r67� wx��3"\D�5��a�о >��1�/㙅�#��ֿZc}��M��{�x-��l2$j��v��&/��^��4�m��?<q'O5�u�DA6VPn��9K;��6�~��\��5�"�-�:XF�OL*��&��X��1fΏR3�Vv!(*�E0��Ǥ��T�UU��#��s�E-JP�"��cM��*�M�1��ĝ�:��5fWU�][@��/��/*��ąp��J"7m�)��>z5]z�A/a�0��}�sT��w׳�g�v��G`0Ԁs}�{��v�)t�5�x cTN�V��r��b1��9f!�B��H��:Tѹ� Ș��Q��a �Ik�]{�a�(�<��~,8�y�ph:D��-��'��=��4�CD2�:":�a�� {\�$:�iЛ��njT#7��ذ��~�׿��<ΩxJW��a�<�&��!��_x�6P��^A]��_$��R�b�u��Ϧ�t�v�� z ˫�R�[�ELI��z�!3�H\!,��od��A��A�/�?8��t)ӏ�\5H��aN4�t'��@αk�!�ݮ _F�ۓG+��5� )�Ӈ��FB�hI��_��/�{�`'&�Ԙ�Om]��W� x*<�$k�P�d&X�v��n�Q0�6�#�c�,{�� (�"Dii�گ�-wʋ��Ğ�i?`q��_P��q !o�?�8FM6�*��H�o�+�\� ��0�>I��y�4��I�3�{�/�-~��T�6�qs6��c�wI��8t��#�ȝ��^�(�Z��X�M�=��g9.t��e��h�Fe.{8Q)N_T�*5�W�N�&%/�^��e\�<q��z~\��`�`��H��y�qUG�n�"Ȯk+c:8�Zn��U�࿖F�F56Bh�i�v��|l� B�U�z��U��_LT��Q�v�O��r�d�B��S�8�_ v��~�ކ)b"��#��3u'Vw;.��Z�8!�PAYx.�վƷ5ھ+��4��@]x>:Ŧ?�y�ȩ��Y��#�>q�^��ȅ��#X�<�a1��baAc�U^ƹ�n��+�;�Qc�\��0�b��yC�h�Hц��Z��T�� ;�� F��߫��Zo��}�:��K�B�� }�� pU�b:��{'1,�}ެ�zw��/�iH�=��xbd��D��E�n��J�N4��(��FL=��u��fvA�(;��w>�Q3L��v~#0� ��ʄ^��J؉��Yf�rqH��-�+��f��-�wc6z�%l��;#�� `h%�e}�T�@&��YZ@�`K߿��)2l��r#�ygO`��Qq%LW�&NPhHG�^��K�7s_�_��\��쬁?�{5�\�Ȕ�t��i[��N5K�F4��D��~�s��*��\O�@0?�y�$�'�1߿<M�b2ym��\��\�O @*�@JK��KFC�o�� O;�qb�`�-��\�D�BWoZ��5y�(nw��K̑(��B��+��7;��!�C��!�� B[�*p�Ǝ�d ��C��w��_d�\s[]��k��X�ȃ� �s.��ЍR}��oX�t*�Ȩ�`/�`ʷ�59�zd�m��t�X�[�5TF��+��H��s��C1��S-��
ServiceMain
UnInstall

Sections

.text
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faf509a01a6c450b079457e673195932

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

shlwapi

imm32

winmm

psapi

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 464KB

.rodata Size: - Virtual size: 12KB

.rdata Size: - Virtual size: 92KB

.data Size: - Virtual size: 512KB

.rsrc Size: 1KB - Virtual size: 4KB

.vmp0 Size: - Virtual size: 22KB

.vmp1 Size: - Virtual size: 113KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 392KB - Virtual size: 392KB

.reloc Size: 512B - Virtual size: 160B

.text
Size: - Virtual size: 464KB

.rodata
Size: - Virtual size: 12KB

.rdata
Size: - Virtual size: 92KB

.data
Size: - Virtual size: 512KB

.rsrc
Size: 1KB - Virtual size: 4KB

.vmp0
Size: - Virtual size: 22KB

.vmp1
Size: - Virtual size: 113KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 392KB - Virtual size: 392KB

.reloc
Size: 512B - Virtual size: 160B