8565dda0d61f24bcc67ac5e503cd07a6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8565dda0d61f24bcc67ac5e503cd07a6_JaffaCakes118
Size

1.1MB
MD5

8565dda0d61f24bcc67ac5e503cd07a6
SHA1

e8110c93447207da333deb1c74819ae0738bdabc
SHA256

c089c843bc379b1bfd355f9b5144f9449eb0665cd8fe4e43868eee076499a118
SHA512

114cc41fa54de7c0abfd205c07b1b61c2261cd0eb581f077ab017f20d448dd1e066e0003790ecfe17ed10a6f4ebe40d7fcd7150adde4dc6f11a0c46e9ee3bad6
SSDEEP

24576:7WCy7i3WX9N+AU8jwIuaAwE+oifiQ6uiyyyQuZyHe5d3d2J:a9i3xH81VrjoHQdi7dHebd2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8565dda0d61f24bcc67ac5e503cd07a6_JaffaCakes118

Files

8565dda0d61f24bcc67ac5e503cd07a6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7ef3fda247638c7f6567dd4df2bfe014

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WriteFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ShowCursor

advapi32

RegOpenKeyExA

oleaut32

VariantInit

version

GetFileVersionInfoA

gdi32

DeleteEnhMetaFile

ole32

CoGetClassObject

comctl32

ImageList_EndDrag

winspool.drv

DocumentPropertiesA

shell32

SHGetMalloc

comdlg32

PrintDlgA

msimg32

GradientFill

Sections

CODE
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ef3fda247638c7f6567dd4df2bfe014

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

winspool.drv

shell32

comdlg32

msimg32

Sections

CODE Size: - Virtual size: 1.1MB

DATA Size: - Virtual size: 20KB

BSS Size: - Virtual size: 4KB

.idata Size: - Virtual size: 10KB

.vmp0 Size: - Virtual size: 57KB

.rsrc Size: 7KB - Virtual size: 192KB

.vmp1 Size: - Virtual size: 415KB

.vmp2 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 512B - Virtual size: 204B

CODE
Size: - Virtual size: 1.1MB

DATA
Size: - Virtual size: 20KB

BSS
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 10KB

.vmp0
Size: - Virtual size: 57KB

.rsrc
Size: 7KB - Virtual size: 192KB

.vmp1
Size: - Virtual size: 415KB

.vmp2
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 512B - Virtual size: 204B