7401eaf868f009d0be9afc8fb99a35d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7401eaf868f009d0be9afc8fb99a35d0_JaffaCakes118
Size

263KB
MD5

7401eaf868f009d0be9afc8fb99a35d0
SHA1

a21dbba80097f885c2d98779b0c1e7ea40729dee
SHA256

1121d0d0c7b827ffee7226647e41ccfaba67b441963afbd79b234ffc5774cd5e
SHA512

3306eec5ba82a1fc6b4027d5a111409d599b125b9c556c894728d313379a8cdbfbd2d1ec3c5bbabd920b4a121c6a63501327549747a4635b574dd6326940d8e3
SSDEEP

6144:mFScI4CRRQIBVE0Rlp7uYB5+P3ZA4OLJAKwfZHlDci0ICzNmvo:NPlRBB1OYscLJbwRHWVICRmv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7401eaf868f009d0be9afc8fb99a35d0_JaffaCakes118

Files

7401eaf868f009d0be9afc8fb99a35d0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1c802013f80c4e0fb52d9025c9da1c47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LocalReAlloc
FileTimeToSystemTime
MultiByteToWideChar
LocalAlloc
LocalFree
CreateFileA
GetCurrentProcess
OpenProcess
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
ReadFile
TerminateProcess
CreateProcessA
CreateEventA
Sleep
TerminateThread
CompareStringW
CreatePipe
GetProcessHeap
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetLastError
GetStartupInfoA
CompareStringA
WriteFile
SetEvent
WaitForSingleObject
PeekNamedPipe
GetSystemDirectoryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
ExitThread
GetCurrentThreadId
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
SetFilePointer
HeapSize
HeapCreate
VirtualFree
VirtualAlloc
GetTimeZoneInformation
FreeEnvironmentStringsA
SetEnvironmentVariableA
VirtualProtect
GetModuleFileNameA
ExitProcess

advapi32

GetTokenInformation
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

ws2_32

connect
WSAStartup
getprotobyname
setsockopt
WSACleanup
closesocket
recv
select
__WSAFDIsSet
send
htons
gethostname
inet_ntoa
gethostbyname
socket

secur32

FreeContextBuffer
EncryptMessage
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
DeleteSecurityContext
QueryContextAttributesA

dnsapi

DnsFree
DnsQuery_A

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertNameToStrA

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c802013f80c4e0fb52d9025c9da1c47

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

secur32

dnsapi

crypt32

user32

Sections

.text Size: - Virtual size: 256KB

.rdata Size: - Virtual size: 48KB

.data Size: - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.vmp0 Size: - Virtual size: 27KB

.vmp1 Size: - Virtual size: 99KB

.vmp2 Size: 260KB - Virtual size: 259KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: - Virtual size: 256KB

.rdata
Size: - Virtual size: 48KB

.data
Size: - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.vmp0
Size: - Virtual size: 27KB

.vmp1
Size: - Virtual size: 99KB

.vmp2
Size: 260KB - Virtual size: 259KB

.reloc
Size: 512B - Virtual size: 56B