857e58e05546ef589de154d1130fd348_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

857e58e05546ef589de154d1130fd348_JaffaCakes118
Size

1.1MB
MD5

857e58e05546ef589de154d1130fd348
SHA1

de5f135e143624837f9ce636f6172f5ceabcded3
SHA256

7b46ae46982b2bdc7a68e3eb1d5ee2e5e35aeafe01db369254ef231ee7b2b376
SHA512

a97aabb2e3c20723aa27bb6509339f49f738c027413533db4e14cd54d2d7c04dea28b0363253349ac393f32d3d44c72ad3d006652e1ab2d662ba005b9431fa1a
SSDEEP

24576:9eLBDH0DOMCJrTpHPzKxb3qSyN1zTeWGDx8Oign8ClunezH:GVHnHNTpH7wbM1zyWNOV36Y

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
857e58e05546ef589de154d1130fd348_JaffaCakes118

Files

857e58e05546ef589de154d1130fd348_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5551bf67019376b4d6f50b06eda8d82f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalReAlloc
TlsGetValue
GetProcessVersion
GetFileAttributesW
GetFileSize
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
GetStartupInfoW
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
TlsSetValue
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
CreateFileA
GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GlobalReAlloc
TlsFree
FindResourceA
GlobalAddAtomA
GetProfileStringA
GlobalHandle
TlsAlloc
SizeofResource
GlobalFlags
MulDiv
lstrcmpW
GlobalAlloc
lstrcmpiA
GetCurrentThread
SetLastError
lstrcmpiW
GetThreadLocale
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
lstrcpynW
EnterCriticalSection
FormatMessageW
LocalFree
lstrcmpA
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrlenA
GetVersion
lstrcatW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
TerminateThread
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringA
lstrlenW
WritePrivateProfileStringW
WritePrivateProfileStringA
GetModuleFileNameW
GetCurrentDirectoryW
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
VirtualAllocEx
WriteProcessMemory
CreateNamedPipeA
GetProcAddress
CreateRemoteThread
WriteFile
GetLastError
VirtualFreeEx
OpenProcess
CreateProcessW
ReadFile
GetCurrentProcessId
CreateFileW
FindFirstFileW
FindNextFileW
FindClose
MoveFileExW
GetModuleFileNameA
GetWindowsDirectoryA
CopyFileA
GetFileAttributesA
MoveFileExA
GetTickCount
DeleteFileW
CopyFileW
ResetEvent
Sleep
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
CreateDirectoryW
SetHandleCount
CloseHandle
VirtualProtect

user32

SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
PostMessageW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
DispatchMessageW
AdjustWindowRectEx
ScreenToClient
CopyRect
IsWindowVisible
MessageBoxW
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetKeyState
DefWindowProcW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
ModifyMenuW
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
IntersectRect
SystemParametersInfoW
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
SendMessageW
EnableWindow
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
wsprintfW
SetParent
GetTopWindow
GetParent
GetFocus
SetFocus
GrayStringW
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
LoadStringW
GetDesktopWindow
CharUpperW
DrawTextW
TabbedTextOutW
OffsetRect
FillRect
GetSysColor
InvalidateRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
DrawTextA
DrawFocusRect
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
LoadIconW
AppendMenuW
GetSystemMenu
PostQuitMessage
PostThreadMessageW
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableW
CharNextW
GetWindow
GetSysColorBrush
PtInRect
GetClassNameW
InflateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DestroyMenu
MapDialogRect
SetWindowContextHelpId
GetDC
ReleaseDC
GetMessageW
TranslateMessage
ValidateRect
GetCursorPos
GetMessagePos
SetCursor
LoadCursorW

gdi32

RestoreDC
SelectObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
IntersectClipRect
SetTextAlign
SaveDC
DeleteObject
GetViewportExtEx
GetWindowExtEx
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
DeleteDC
PatBlt
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleBitmap
CreateRectRgn
GetWindowOrgEx
GetObjectW
GetTextExtentPoint32W
GetViewportOrgEx
GetDeviceCaps
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateDIBitmap
ExtTextOutA
GetTextExtentPointA
GetStockObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExA
RegSetValueExW

shell32

ShellExecuteW

comctl32

ord17
ImageList_Destroy

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
StringFromGUID2
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

olepro32

ord253

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

wininet

InternetGetLastResponseInfoW
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW

ws2_32

select
recv
WSCDeinstallProvider
WSCInstallProvider
WSCEnumProtocols
WSACleanup
WSAStartup
connect
closesocket
shutdown
setsockopt
send
socket
htons
inet_addr
gethostbyname

sporder

WSCWriteProviderOrder

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate
UuidFromStringA

shlwapi

PathFindFileNameW

Sections

.text
Size: - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5551bf67019376b4d6f50b06eda8d82f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

ws2_32

sporder

rpcrt4

shlwapi

Sections

.text Size: - Virtual size: 210KB

.rdata Size: - Virtual size: 52KB

.data Size: - Virtual size: 41KB

.rsrc Size: 8KB - Virtual size: 17KB

.vmp0 Size: - Virtual size: 876KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 136B

.text
Size: - Virtual size: 210KB

.rdata
Size: - Virtual size: 52KB

.data
Size: - Virtual size: 41KB

.rsrc
Size: 8KB - Virtual size: 17KB

.vmp0
Size: - Virtual size: 876KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 136B