84644313bac2cfc8b10bdf831fe4bd70_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

84644313bac2cfc8b10bdf831fe4bd70_JaffaCakes118
Size

744KB
MD5

84644313bac2cfc8b10bdf831fe4bd70
SHA1

ef8857873d6db65faa9e29e91dbeb5b6e7f907a7
SHA256

00f4b19ea8daab38e9212b277bc02246aca21f3f12dd518ff1f613ac63d6b389
SHA512

769b14ecef7163060fcbba4e74f3719ef99171145bf87e18c2e5a421b623386674455646b7fe818c47eee7b294cff6d4326ff27431e369370d4bc08f392002dd
SSDEEP

12288:JKQyzdnZgxnwKtFauMVgsBEhHKoo10qTeIG83qoSSx/Gdmz4Vk1zjnEGR1X9i+Xp:JunZmwmFLygsChHK3WKEZdiKk1zjnEKZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84644313bac2cfc8b10bdf831fe4bd70_JaffaCakes118

Files

84644313bac2cfc8b10bdf831fe4bd70_JaffaCakes118
.exe windows:4 windows x86 arch:x86

590a24c03f268c376d4e6f3d9acc9d6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetPrivateProfileStringA
GetComputerNameA
EscapeCommFunction
CreateEventA
ResetEvent
OutputDebugStringA
ExpandEnvironmentStringsA
GlobalAlloc
GetTempPathA
SetFileAttributesA
GetFileAttributesA
MoveFileA
CopyFileA
CreateDirectoryA
SetVolumeLabelA
GetDiskFreeSpaceA
SetLocalTime
GetCommandLineA
CreateProcessA
SetCurrentDirectoryA
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetModuleHandleA
GlobalSize
GlobalLock
GlobalFree
lstrcatA
WinExec
lstrcpyA
GetCurrentDirectoryA
GetPrivateProfileSectionNamesA
GetDriveTypeA
GetVolumeInformationA
GlobalUnlock
GlobalReAlloc
HeapFree
HeapReAlloc
HeapAlloc
WaitForSingleObject
GetProcessHeap
CreateThread
DeleteFileA
RemoveDirectoryA
FindNextFileA
GetModuleFileNameA
Sleep
MulDiv
FindFirstFileA
FindClose
LoadLibraryA
CreateFileA
CloseHandle
DeviceIoControl
GetVersionExA
GetFullPathNameA
lstrlenW
lstrlenA
GetUserDefaultLCID
GetTickCount
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
ExitThread
GetEnvironmentVariableA
GetProfileStringA
SetEvent
GetCommModemStatus
GetOverlappedResult
WaitForMultipleObjects
ClearCommError
WaitCommEvent
PurgeComm
ReadFile
WriteFile
SetCommState
GetCommState
SetCommMask
SetCommTimeouts
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
SetLastError
lstrcpynA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
DuplicateHandle
GetCurrentProcess
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetFileTime
SetStdHandle
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetEnvironmentVariableA
SetEnvironmentVariableW
IsBadWritePtr
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
GetACP
HeapSize
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
ReleaseMutex
CreateMutexA
SuspendThread
SetThreadPriority
GetCurrentThread
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
SizeofResource
LockResource
VirtualAlloc
GetLastError
LoadLibraryExA
FormatMessageA
LocalFree
FreeLibrary
GetProcAddress
lstrcmpiA
VirtualFree
GetLogicalDriveStringsA
ExitProcess
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetClassNameA
WindowFromPoint
CharUpperA
ReleaseCapture
GetMessagePos
PtInRect
GetClientRect
GetCursorPos
SetCapture
SystemParametersInfoA
EnableWindow
SetRect
IsWindow
RedrawWindow
CopyRect
FillRect
GetSystemMetrics
DrawFrameControl
DrawEdge
InflateRect
OffsetRect
DrawFocusRect
GetWindowRect
GetParent
SendMessageA
GetSysColor
IsClipboardFormatAvailable
ClientToScreen
GetCapture
LoadCursorA
AdjustWindowRect
EnableMenuItem
GetSubMenu
GetMenu
EqualRect
IntersectRect
GetFocus
IsRectEmpty
IsChild
DestroyIcon
GetKeyState
LoadBitmapA
LoadImageA
EnumDisplaySettingsA
ReleaseDC
GetDC
UpdateWindow
DispatchMessageA
TranslateMessage
SetWindowLongA
GetWindowLongA
IsWindowVisible
SetParent
SetScrollPos
SetScrollRange
GetScrollRange
PostMessageA
SetTimer
KillTimer
WinHelpA
ChildWindowFromPointEx
ScreenToClient
SetWindowRgn
DestroyCursor
DestroyAcceleratorTable
GetWindow
GetTopWindow
GetActiveWindow
SetWindowPos
DestroyMenu
SetActiveWindow
IsIconic
PeekMessageA
SetFocus
InvalidateRect
SetCursorPos
WaitForInputIdle
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
MessageBeep
LockWindowUpdate
ValidateRect
SetForegroundWindow
TrackPopupMenu
ScrollDC
InvertRect
SetCursor
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
RegisterClipboardFormatA
SetRectEmpty
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
LoadIconA
GetDesktopWindow
DefWindowProcA
GetClassInfoA
DeleteMenu
GetSystemMenu
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetWindowDC
BeginPaint
EndPaint
GetDlgCtrlID
SetMenu
wsprintfA
TabbedTextOutA
DrawTextA
GrayStringA
CreateDialogIndirectParamA
EndDialog
GetSysColorBrush
LoadStringA
UnregisterClassA
MessageBoxA
GetMessageA
MessageBoxA

gdi32

Escape
CreateRectRgnIndirect
ExtCreateRegion
GetTextMetricsA
GetROP2
GetStretchBltMode
GetPolyFillMode
StartPage
EndPage
CreateDCA
DPtoLP
CreateBrushIndirect
CreateHatchBrush
CreatePatternBrush
Ellipse
RoundRect
FillRgn
GetCurrentObject
CombineRgn
CreateRectRgn
GetClipRgn
CreatePolygonRgn
SetPixelV
LPtoDP
Pie
GetViewportOrgEx
GetWindowOrgEx
PatBlt
CreateCompatibleDC
ExtTextOutA
CreateSolidBrush
GetStockObject
GetObjectA
ScaleViewportExtEx
GetDeviceCaps
GetViewportExtEx
CreatePen
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
Chord
Arc
Polygon
EndDoc
GetTextColor
Rectangle
SelectClipRgn
CreateDIBitmap
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject
GetWindowExtEx
GetBkMode
TextOutA
RectVisible
BitBlt
PtVisible
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
BeginPath
EndPath
ExtSelectClipRgn
GetPixel
GetBkColor
LineTo
MoveToEx
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
RealizePalette
StartDocA
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetSystemPaletteEntries
SelectPalette
GetDIBits
CreateDIBSection
SetPixel
SetWindowOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
SetFormA
ClosePrinter
AddFormA
DeleteFormA
GetFormA
EnumFormsA

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseColorA
CommDlgExtendedError
PrintDlgA

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

OleInitialize
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleUninitialize
OleRun
CoCreateInstance

oleaut32

VarDateFromStr
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
GetActiveObject
VariantClear
VariantChangeType
VariantInit
VariantCopyInd
SysAllocString
UnRegisterTypeLi
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
SafeArrayDestroy
SafeArrayCreate
OleCreatePictureIndirect
OleCreateFontIndirect
SafeArrayPutElement

winmm

waveOutPause
waveOutUnprepareHeader
midiStreamRestart
waveOutWrite
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
waveOutPrepareHeader

comctl32

ord17
ImageList_LoadImageA
ImageList_Destroy

ws2_32

closesocket
send
select
WSAAsyncSelect
inet_ntoa
inet_addr
accept
gethostbyaddr
gethostname
WSACleanup
WSAStartup
htons
bind
htonl
gethostbyname
getpeername
listen
recv
connect
ioctlsocket
recvfrom
sendto
setsockopt
socket

Sections

.text
Size: - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 644KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

590a24c03f268c376d4e6f3d9acc9d6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

comctl32

ws2_32

Sections

.text Size: - Virtual size: 802KB

.rdata Size: - Virtual size: 130KB

.data Size: - Virtual size: 134KB

.rsrc Size: 92KB - Virtual size: 241KB

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 644KB - Virtual size: 642KB

.reloc Size: 4KB - Virtual size: 60B

.text
Size: - Virtual size: 802KB

.rdata
Size: - Virtual size: 130KB

.data
Size: - Virtual size: 134KB

.rsrc
Size: 92KB - Virtual size: 241KB

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 644KB - Virtual size: 642KB

.reloc
Size: 4KB - Virtual size: 60B