787f27d74f4a999292708524b22d22f3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

787f27d74f4a999292708524b22d22f3_JaffaCakes118
Size

2.0MB
MD5

787f27d74f4a999292708524b22d22f3
SHA1

dea1351bc0878acaad640ce0d991ca70dd7edb51
SHA256

f64f983624d6720dde6b70444a5422b639b2fcb094fb608e621d53f38ee31add
SHA512

14260d741039cfdc626dff8cf7fe144f07edb2e9fd0ae5599e8d22b322eb467a38b71fd0746caba6d606a84b2e69be08fe487678246a7228f80ecc945c30afc2
SSDEEP

49152:qjcMMCpLUfFEulvXZrRTDX6nnI/IqqBcvM/0p:qjchC5ZulRrRTDaI/IqTMg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
787f27d74f4a999292708524b22d22f3_JaffaCakes118

Files

787f27d74f4a999292708524b22d22f3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

85550e8db593825f4d1cc7de46b16f94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

WSAAsyncSelect

kernel32

GetLocalTime
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

IsZoomed
MessageBoxA

gdi32

ExtSelectClipRgn

winspool.drv

ClosePrinter

advapi32

RegQueryValueExA

shell32

DragAcceptFiles

ole32

StgCreateDocfileOnILockBytes

oleaut32

VariantClear

comctl32

ImageList_Add

oledlg

ord8

comdlg32

ChooseColorA

msvcrt

malloc

iphlpapi

GetAdaptersInfo

psapi

GetMappedFileNameW

Sections

.text
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cfqt
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cfqt
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85550e8db593825f4d1cc7de46b16f94

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

comdlg32

msvcrt

iphlpapi

psapi

Sections

.text Size: - Virtual size: 1.9MB

.cfqt Size: - Virtual size: 1.2MB

.idata Size: - Virtual size: 4KB

.rsrc Size: 112KB - Virtual size: 112KB

.cfqt Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 4KB - Virtual size: 144B

.text
Size: - Virtual size: 1.9MB

.cfqt
Size: - Virtual size: 1.2MB

.idata
Size: - Virtual size: 4KB

.rsrc
Size: 112KB - Virtual size: 112KB

.cfqt
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 4KB - Virtual size: 144B