9463fbd0a096d7629751a54b61d903a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9463fbd0a096d7629751a54b61d903a9_JaffaCakes118
Size

495KB
MD5

9463fbd0a096d7629751a54b61d903a9
SHA1

71bb7840a0c94d45a7a3dc1945d40ea2155cf53d
SHA256

10d4c5ee5d879dd8e722a87bb122d23b46b8973f97201155c5941d8a17657fe5
SHA512

4f9382a462f272882273382cba94afbcb7dd3f09859c2dafeb640892f767742c6a747c529ccad508acec8d7e78a074d706fd823104ed0501b2d3aa710233ac70
SSDEEP

6144:8jDOUrwJ3bwCaVuRl3jrMXY+RYo4SC/MjNUVV9gyZSyF3:0SdM3MD3eRYG6m6V9Ik3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

9463fbd0a096d7629751a54b61d903a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

24a63760fcc12809b108edbc9cd51a4b

Code Sign

73:ca:96:9b:2e:86:71:63:b2:f1:c7:e0:48:ce:23:8e
Certificate

Issuer

CN=Microsoft Corporation

Not Before

19/11/2010, 08:37

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:bc:cc:28:fe:f8:5e:96:22:ed:f5:f4:9f:4f:b7:d0:40:0b:7a:0b
Signer

Actual PE Digest

53:bc:cc:28:fe:f8:5e:96:22:ed:f5:f4:9f:4f:b7:d0:40:0b:7a:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics
MessageBoxA

advapi32

RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoCreateGuid

htmlayout

HTMLayoutSetCallback

iphlpapi

GetAdaptersInfo

wininet

InternetConnectW

comctl32

ImageList_Draw

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

24a63760fcc12809b108edbc9cd51a4b

Code Sign

73:ca:96:9b:2e:86:71:63:b2:f1:c7:e0:48:ce:23:8eCertificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

53:bc:cc:28:fe:f8:5e:96:22:ed:f5:f4:9f:4f:b7:d0:40:0b:7a:0bSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

htmlayout

iphlpapi

wininet

comctl32

Sections

.text Size: 180KB - Virtual size: 177KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 26KB

.vmp0 Size: 128KB - Virtual size: 127KB

.vmp1 Size: 64KB - Virtual size: 62KB

73:ca:96:9b:2e:86:71:63:b2:f1:c7:e0:48:ce:23:8e
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

53:bc:cc:28:fe:f8:5e:96:22:ed:f5:f4:9f:4f:b7:d0:40:0b:7a:0b
Signer

.text
Size: 180KB - Virtual size: 177KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 26KB

.vmp0
Size: 128KB - Virtual size: 127KB

.vmp1
Size: 64KB - Virtual size: 62KB