76ba117db31cb2171a4e5353dfaf98a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76ba117db31cb2171a4e5353dfaf98a0_JaffaCakes118
Size

74KB
MD5

76ba117db31cb2171a4e5353dfaf98a0
SHA1

fcf516fcb26ac196125d5e629a6d3e40a452ae4d
SHA256

83274e3b52d6d8ba32d2497f411e19aab18253407aab4404e15a14351c100db5
SHA512

6c329f1649588e50100a253769b676d94d2a11266035af6a379311ba4b80a3ae8505e77166521e775debc68482442de4d31110d62cb5760a50e0a90dfcad3e02
SSDEEP

1536:Xh9aTjsVxTuHSGQ6GxR9dRqcWiw/XrHqJu0pI/Q:xCsVxTXGQF7vRqcjwDKJnpn

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76ba117db31cb2171a4e5353dfaf98a0_JaffaCakes118

Files

76ba117db31cb2171a4e5353dfaf98a0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

660ed04d4581cb375f5ac17992786a1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\代码\NewCode\2wow\防后门破解wow\release\MWDL.pdb

Imports

kernel32

lstrcpynA
CreateFileA
ReadFile
GetFileSize
CloseHandle
GetTempPathA
DeleteFileA
MultiByteToWideChar
GlobalAlloc
GlobalLock
WriteFile
GlobalUnlock
GlobalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTickCount
GetModuleHandleA
GetPrivateProfileStringA
CreateThread
WideCharToMultiByte
GetSystemTime
WritePrivateProfileStringA
IsBadReadPtr
GetModuleFileNameA
SetFilePointer
CreateMutexA
GetLastError
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
lstrcmpiA
lstrlenA
ExitProcess
lstrcmpA
Sleep
VirtualProtect
lstrcpyA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
VirtualAlloc
OutputDebugStringA

user32

CallNextHookEx
PostThreadMessageA
GetDC
ReleaseDC
IsRectEmpty
GetSystemMetrics
SetWindowsHookExA
GetWindowTextA
IsWindowVisible
IsIconic
GetActiveWindow
ShowWindow
SetForegroundWindow
FindWindowA
FindWindowExA
GetWindowThreadProcessId
GetWindowInfo
PrintWindow
EnumWindows

gdi32

CreateCompatibleDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
GetObjectA
CreateDCA
GetDeviceCaps
DeleteDC
GetStockObject
SelectPalette
RealizePalette
GetDIBits

ws2_32

shutdown
inet_ntoa
gethostbyname

gdiplus

GdipCloneImage
GdipLoadImageFromFile
GdipGetImageEncodersSize
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipSaveImageToFile

wininet

InternetConnectA
InternetOpenA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetCloseHandle
HttpOpenRequestA

msvcrt

_local_unwind2
??3@YAXPAX@Z
atoi
malloc
free
memmove
strrchr
strstr
sprintf
??1type_info@@UAE@XZ
memset
memcpy
_except_handler3
??2@YAPAXI@Z

shlwapi

StrChrW

Exports

Exports

COMResModuleInstance
DeleteSelf
HHHH
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode
UUUU

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

660ed04d4581cb375f5ac17992786a1a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ws2_32

gdiplus

wininet

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 17KB

.vmp0 Size: 4KB - Virtual size: 3KB

.vmp1 Size: 16KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 17KB

.vmp0
Size: 4KB - Virtual size: 3KB

.vmp1
Size: 16KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 2KB