acd7576140f807fe3b3b351bfb7e5d19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

acd7576140f807fe3b3b351bfb7e5d19_JaffaCakes118
Size

407KB
MD5

acd7576140f807fe3b3b351bfb7e5d19
SHA1

6236cc1020d52b99235df60158c8565100c0354b
SHA256

08f61883fcf9f5b88eeae458298747a8afd0b02d9a00f8d22cddcb817c4c218a
SHA512

93c25109fa1f019ed8be17907b1e6cf7c023b0501e87a53313aad5198164a2222b69e800c83b2ce847c6eb4d5ae4177474e9d40775c0b133aeb41d60c57c5bb1
SSDEEP

6144:H52vrQblQpgaV3XvIg5FonA4iRUkty9PIwdl8yoV34qIw0w5X:H1Cpgk3fNFoA4OUkgPTjToVINwTX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

acd7576140f807fe3b3b351bfb7e5d19_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e0c0e125c3a64cb0872c84f439449c4

Code Sign

78:1e:bc:be:f5:41:5f:7c:bb:14:14:e9:fa:c0:8d:2f
Certificate

Issuer

CN=Microsoft Corporation

Not Before

22/11/2010, 08:50

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:0e:06:68:49:29:ec:33:25:79:d0:15:c8:20:0c:4a:1c:13:77:6e
Signer

Actual PE Digest

84:0e:06:68:49:29:ec:33:25:79:d0:15:c8:20:0c:4a:1c:13:77:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadIconW
MessageBoxA

advapi32

RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoInitialize

oleaut32

VariantInit

htmlayout

HTMLayoutSetElementState

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e0c0e125c3a64cb0872c84f439449c4

Code Sign

78:1e:bc:be:f5:41:5f:7c:bb:14:14:e9:fa:c0:8d:2fCertificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

84:0e:06:68:49:29:ec:33:25:79:d0:15:c8:20:0c:4a:1c:13:77:6eSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

htmlayout

iphlpapi

wininet

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 6KB

.vmp0 Size: 112KB - Virtual size: 109KB

.vmp1 Size: 60KB - Virtual size: 58KB

78:1e:bc:be:f5:41:5f:7c:bb:14:14:e9:fa:c0:8d:2f
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

84:0e:06:68:49:29:ec:33:25:79:d0:15:c8:20:0c:4a:1c:13:77:6e
Signer

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 6KB

.vmp0
Size: 112KB - Virtual size: 109KB

.vmp1
Size: 60KB - Virtual size: 58KB