89c0e951c5edcaffedd1a8dfb219ae2c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89c0e951c5edcaffedd1a8dfb219ae2c_JaffaCakes118
Size

48KB
MD5

89c0e951c5edcaffedd1a8dfb219ae2c
SHA1

2f48fbc00b3338f8731dab0c3299ff558e237fc5
SHA256

c0c1afd805e5357a87410b96c62e8dceb3c3dd2a3626a608579c1f2964be9f39
SHA512

f732a00415facf94b674f3e67603c14ab356a8d593de2eec6be46cd514cdfad0ccf7c5239b248d1458ff11a3ac69bca9a347249e67db26d59596e966ef2a8236
SSDEEP

768:kdS+6qLe5tIEHEunsIIifcW3xpCwYqbCMpuYSgrVJH/zkpRsh:kdrfLOt/nB50WBpneMpuncD7koh

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89c0e951c5edcaffedd1a8dfb219ae2c_JaffaCakes118

Files

89c0e951c5edcaffedd1a8dfb219ae2c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3795b951c64936ae5752947d8c9ec888

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CreateThread
DisableThreadLibraryCalls
DuplicateHandle
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentThread
GetModuleFileNameA
GetModuleHandleA
GetThreadContext
ResumeThread
SetThreadPriority
Sleep
SuspendThread
TerminateThread
VirtualProtect
VirtualProtect
GetModuleFileNameA
ExitProcess

msvcrt

_close
_open
_write
__dllonexit
_errno
_iob
abort
fflush
fprintf
free
malloc
memcpy
memset
perror
strstr

user32

GetAsyncKeyState
MessageBeep
MessageBoxA
MessageBoxA

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 320B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 464B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3795b951c64936ae5752947d8c9ec888

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: - Virtual size: 6KB

.data Size: - Virtual size: 128B

.rdata Size: - Virtual size: 624B

.bss Size: - Virtual size: 320B

.idata Size: - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 776B

.vmp0 Size: - Virtual size: 464B

.vmp1 Size: - Virtual size: 19KB

.vmp2 Size: 45KB - Virtual size: 45KB

.reloc Size: 512B - Virtual size: 124B

.text
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 128B

.rdata
Size: - Virtual size: 624B

.bss
Size: - Virtual size: 320B

.idata
Size: - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 776B

.vmp0
Size: - Virtual size: 464B

.vmp1
Size: - Virtual size: 19KB

.vmp2
Size: 45KB - Virtual size: 45KB

.reloc
Size: 512B - Virtual size: 124B