a2f7c2c45a4fc0a483855da4ac76460a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2f7c2c45a4fc0a483855da4ac76460a_JaffaCakes118
Size

136KB
MD5

a2f7c2c45a4fc0a483855da4ac76460a
SHA1

eb3a9561955e45b237d69a6ad18d2edc7fa6b3df
SHA256

a398ff44f5e5c80a67814c196ee35a420d36d19732572ad1e322304bfa7933ba
SHA512

d6c591914302df8ca985eeb893a3fbd0daf9c7b2dab5698a60eab9ed609de80d67b5e209a3cdc9f39df6550770e67630a6ab7decbdb04b6be03c5adb633c6fe5
SSDEEP

3072:S7H6Wf4affR3lAwjd/FvStXEHgNzuDfHmaDmjpXLpt8t9a:iH6Wfph3lAO1FvSNsg6XAVyt

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2f7c2c45a4fc0a483855da4ac76460a_JaffaCakes118

Files

a2f7c2c45a4fc0a483855da4ac76460a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c0fd53052141bea01ac5024a1bddf97f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

user32

CharNextA
wsprintfA
MessageBoxA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
strncpy
__CxxFrameHandler
strcmp
memset
strchr
_ftol
srand
rand
_except_handler3
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
strlen
_strrev
_strlwr
_stricmp

kernel32

lstrlenA
DeleteFileA
SetFileAttributesA
GetTickCount
GetSystemDirectoryA
lstrcatA
Sleep
GetModuleHandleA
ExitProcess
SetEnvironmentVariableA
lstrcpyA
GetWindowsDirectoryA
GetTempPathA
CreateDirectoryA
MoveFileA
SetFileTime
GetFileTime
WriteFile
CreateFileA
GetModuleFileNameA
WaitForSingleObject
CreateEventA
GetShortPathNameA
SleepEx
ExpandEnvironmentStringsA
OpenEventA
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
GetLastError
GetCurrentProcess
CloseHandle
GetFileAttributesA
GetCurrentDirectoryA
VirtualProtect
GetModuleFileNameA
ExitProcess

advapi32

GetServiceKeyNameA
GetServiceDisplayNameA
ControlService
CreateServiceA
RegSaveKeyA
RegRestoreKeyA
DeleteService
CloseServiceHandle
ChangeServiceConfig2A
RegConnectRegistryA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
StartServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey

Sections

.text
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0fd53052141bea01ac5024a1bddf97f

Headers

File Characteristics

Imports

shlwapi

user32

msvcrt

kernel32

advapi32

Sections

.text Size: - Virtual size: 7KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 164KB

.rsrc Size: 4KB - Virtual size: 4KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 124KB - Virtual size: 120KB

.reloc Size: 4KB - Virtual size: 64B

.text
Size: - Virtual size: 7KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 164KB

.rsrc
Size: 4KB - Virtual size: 4KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 124KB - Virtual size: 120KB

.reloc
Size: 4KB - Virtual size: 64B