aa65c6d62c54fe9328847214fa60b0bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa65c6d62c54fe9328847214fa60b0bd_JaffaCakes118
Size

1.4MB
MD5

aa65c6d62c54fe9328847214fa60b0bd
SHA1

29ec95114a4d597ae2b50756c8b9d65ee5d2dc36
SHA256

ff573139edfbad01ecda0577360cce3c01795bf0f2397149add1a9f2fe3a1d27
SHA512

6c39c2f1d9d49dfbc3b3ec35dec51f7c949a72199dbdc51585b81b0dc9333f5786bc76c4e48b93725f47f55aa3b6a59c46850b3266cb8d8f0b7ac7dc57b6d7d9
SSDEEP

24576:lziUGNhb2wClfGkHGrH33IIUcrO/37TSEP5331U0icrKLH5Koyjp4JUiRs:libOp8HT6/L3P931HxrKlyjp4JUV

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa65c6d62c54fe9328847214fa60b0bd_JaffaCakes118

Files

aa65c6d62c54fe9328847214fa60b0bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bea6f281535325a145bae19135381ade

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

MessageBoxA
MessageBoxA

gdi32

RealizePalette

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

ole32

CreateILockBytesOnHGlobal

oleaut32

SafeArrayUnaccessData

comctl32

ord17

oledlg

ord8

ws2_32

closesocket

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bea6f281535325a145bae19135381ade

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 589KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 210KB

.rsrc Size: 12KB - Virtual size: 23KB

.vmp0 Size: - Virtual size: 135KB

.vmp1 Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 4KB - Virtual size: 160B

.text
Size: - Virtual size: 589KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 210KB

.rsrc
Size: 12KB - Virtual size: 23KB

.vmp0
Size: - Virtual size: 135KB

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 4KB - Virtual size: 160B