a361257e3e3bcecfff6a0e928b01b1a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a361257e3e3bcecfff6a0e928b01b1a4_JaffaCakes118
Size

52KB
MD5

a361257e3e3bcecfff6a0e928b01b1a4
SHA1

14bfa36101a8dc48740b0fb9cda9478baadc7eec
SHA256

dcc953e07d3b6b2185bdcabc9a18e4971ec330cf54b433b7d8dd15622e7bd69c
SHA512

be975522a6b710a82ba61b2e74943ffa84d84f7e0a79c0b4b3d8a2983410628c2f21588089c48ebd2de4414515b88265e874463d7cf2fb913d0427a7dd08a09b
SSDEEP

768:aVz89qMbkNI2P3qboSxh46Yma3R/ETAXApQ/3ansLRpeAXcs1oXQmS:aVCstPabtxHaEyRpTXcZI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a361257e3e3bcecfff6a0e928b01b1a4_JaffaCakes118

Files

a361257e3e3bcecfff6a0e928b01b1a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6a76f172503c9830ca7082eb11b6210b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
setsockopt
htonl
sendto
inet_addr
gethostbyname
closesocket
recv
WSACleanup
WSAGetLastError
WSAStartup
socket
htons
connect
send
WSAAsyncSelect

kernel32

GetStartupInfoA
GetCurrentProcessId
GetModuleHandleA
GetProcessHeap
HeapAlloc
GetTickCount
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
ExitProcess
CreateProcessA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
GetCurrentProcess
WriteFile
CreateFileA
GetSystemDirectoryA
ResumeThread
CreateThread
Sleep
ExpandEnvironmentStringsA
GetTempPathA
FreeLibrary
GetProcAddress
LoadLibraryA
MoveFileA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

wsprintfA
DefWindowProcA
ExitWindowsEx
PostQuitMessage
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA

advapi32

RegOpenKeyExA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegRestoreKeyA

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__dllonexit
printf
_itoa
sprintf
__CxxFrameHandler
strstr
strcspn
strncpy
atoi
_stricmp
_acmdln
exit
_XcptFilter
rand
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_onexit

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a76f172503c9830ca7082eb11b6210b

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcp60

msvcrt

Sections

.text Size: - Virtual size: 6KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 9KB

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 44KB - Virtual size: 43KB

.reloc Size: 4KB - Virtual size: 104B

.text
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 9KB

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 44KB - Virtual size: 43KB

.reloc
Size: 4KB - Virtual size: 104B