ae7a6ec22cc50b4c42ae0d967b7a4a93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae7a6ec22cc50b4c42ae0d967b7a4a93_JaffaCakes118
Size

188KB
MD5

ae7a6ec22cc50b4c42ae0d967b7a4a93
SHA1

4acba3bc883ab46089fb28c5b4947b4c4cf4d4d4
SHA256

49509d2796b4a2868d8204a704eb91874c31e7c16773bb1d0924c30eba74aae2
SHA512

2f9ed3d56030c59df86d8248ec1b3f791b88cbd5bbc2eadfbe9f9825c63ea2ae6518bd99f59177af8fbb9b9d88a275684a6dd0913a12722fff7273a9f3bfabeb
SSDEEP

3072:pFMiHpBjhPeLndkRrKhoyaZvTeJKmWi7xxMPQSivUzHvFfAPu:HMa1E46W0nMPMCfA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae7a6ec22cc50b4c42ae0d967b7a4a93_JaffaCakes118

Files

ae7a6ec22cc50b4c42ae0d967b7a4a93_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c359287035e4eb3df722119e5acacbbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
FreeLibrary
LoadLibraryA
GetProcessVersion
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentProcess
FlushFileBuffers
GetVersion
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
HeapSize
HeapReAlloc
GetACP
ExitProcess
TerminateProcess
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalAlloc
GlobalReAlloc
GlobalLock
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
GetModuleFileNameA
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThreadId
lstrcmpA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
DeviceIoControl
GetLastError
CreateEventA
CreateThread
WaitForSingleObject
ResetEvent
Sleep
OutputDebugStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
lstrlenA
VirtualAllocEx
WriteProcessMemory
GetProcAddress
CreateRemoteThread
GetTickCount
GetFullPathNameA
GetSystemTime
CreateFileA
SetFilePointer
ReadFile
WriteFile
CloseHandle
WinExec
GetModuleHandleA

user32

EnableWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
WinHelpA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
DispatchMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetTopWindow
MessageBoxA
SendMessageA
FindWindowA
RegisterClassA
GetCapture
GetParent

advapi32

StartServiceA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle

shlwapi

PathFileExistsA

comctl32

ord17

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutA
SetWindowExtEx
PtVisible
RectVisible
TextOutA
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

CreateDriverEvent
LoadDriver
RemoveDriverEvent
StartHook
StopHook
UnloadDriver

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c359287035e4eb3df722119e5acacbbb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

comctl32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 18KB

.vmp0 Size: 12KB - Virtual size: 10KB

.vmp1 Size: 44KB - Virtual size: 42KB

.vmp0 Size: 8KB - Virtual size: 5KB

.vmp1 Size: 28KB - Virtual size: 25KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 18KB

.vmp0
Size: 12KB - Virtual size: 10KB

.vmp1
Size: 44KB - Virtual size: 42KB

.vmp0
Size: 8KB - Virtual size: 5KB

.vmp1
Size: 28KB - Virtual size: 25KB

.reloc
Size: 8KB - Virtual size: 5KB