a168e6e0c013945e3760bf5564fcfc08_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a168e6e0c013945e3760bf5564fcfc08_JaffaCakes118
Size

936KB
MD5

a168e6e0c013945e3760bf5564fcfc08
SHA1

5d12efbf9e67976ff0b9f4b43f8ad5c29954ebc6
SHA256

0408a9069fd692da23cf0a08f46c433164deef89185ae9f5e95819f264ed1065
SHA512

38dd78cc9f36bd01b94834c26565433cc9019ec18ac76cfa7e0df2e7dd75119238202e80f38a12233dca99706a55a7d163224a045fa9aeba4c13c70413316711
SSDEEP

24576:yBwPNhdEt6kYiRYgbKTJ6U7w9nIufk9e3ON19oSwMwWloA:yaGxR7cUNNse3ON19twWloA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a168e6e0c013945e3760bf5564fcfc08_JaffaCakes118

Files

a168e6e0c013945e3760bf5564fcfc08_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8824cfe903e0f962609cdddadca95c0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SafeArrayGetUBound

advapi32

RegQueryValueExW

user32

SetTimer

kernel32

SwitchToThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msimg32

AlphaBlend

gdi32

SetViewportOrgEx

version

GetFileVersionInfoSizeW

ole32

OleInitialize

comctl32

ImageList_Destroy

msvck80

InitX

ntdll

NtSetInformationThread

Sections

.text
Size: - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 57KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 928KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8824cfe903e0f962609cdddadca95c0c

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

ole32

comctl32

msvck80

ntdll

Sections

.text Size: - Virtual size: 588KB

.itext Size: - Virtual size: 2KB

.data Size: - Virtual size: 12KB

.bss Size: - Virtual size: 57KB

.idata Size: - Virtual size: 11KB

.vmp0 Size: - Virtual size: 639KB

.vmp1 Size: 928KB - Virtual size: 928KB

.reloc Size: 512B - Virtual size: 180B

.rsrc Size: 6KB - Virtual size: 79KB

.text
Size: - Virtual size: 588KB

.itext
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 12KB

.bss
Size: - Virtual size: 57KB

.idata
Size: - Virtual size: 11KB

.vmp0
Size: - Virtual size: 639KB

.vmp1
Size: 928KB - Virtual size: 928KB

.reloc
Size: 512B - Virtual size: 180B

.rsrc
Size: 6KB - Virtual size: 79KB