824c1378c9072ac1a6fbe5c0b5af3b4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

824c1378c9072ac1a6fbe5c0b5af3b4d_JaffaCakes118
Size

671KB
MD5

824c1378c9072ac1a6fbe5c0b5af3b4d
SHA1

1a80023d896090d8018307b82d32c1c88fb7a530
SHA256

c931637bb1d5fa6b8b3363c8578545fefbbf42eb7173912890411ee3310a5b97
SHA512

f20e55c33ba937cf795b3c1245d9d1ee57223f872f7e577096a607fff16919ef4a2801d78ec26bc99035697c233f5960260b2c1fde66ac50ab7f1c1a70f65a92
SSDEEP

12288:b/Klpo/xdCkwecsr/tgbyNUbHHidHhiWvH2l9+X4eeShulQADV0SQiouNFZV:bilpo/FNCbyNUrCdHhiWP0+X4ehEo8D

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
824c1378c9072ac1a6fbe5c0b5af3b4d_JaffaCakes118

Files

824c1378c9072ac1a6fbe5c0b5af3b4d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

86af49131e7fbb262d7c1cdb1f3464c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualProtectEx
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadKeyboardLayoutA

advapi32

RegQueryValueExA

oleaut32

GetActiveObject

version

GetFileVersionInfoA

gdi32

RestoreDC

ole32

StringFromCLSID

olepro32

OleLoadPicture

comctl32

ImageList_Create

shell32

SHGetFileInfoA

Sections

CODE
Size: - Virtual size: 551KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 665KB - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86af49131e7fbb262d7c1cdb1f3464c3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

olepro32

comctl32

shell32

Sections

CODE Size: - Virtual size: 551KB

DATA Size: - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: - Virtual size: 9KB

.vmp0 Size: - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 62KB

.vmp1 Size: - Virtual size: 275KB

.vmp2 Size: 665KB - Virtual size: 665KB

.reloc Size: 512B - Virtual size: 140B

CODE
Size: - Virtual size: 551KB

DATA
Size: - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: - Virtual size: 9KB

.vmp0
Size: - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 62KB

.vmp1
Size: - Virtual size: 275KB

.vmp2
Size: 665KB - Virtual size: 665KB

.reloc
Size: 512B - Virtual size: 140B