D:\Projects\dtlite-4-40-2\ui\tray\Tray\Release\DTAgent.pdb
Behavioral task: behavioral1
Sample: aed457762083213729712eab444d8d7c_JaffaCakes118.exe
Resource: win7-20240705-en
General
Target: aed457762083213729712eab444d8d7c_JaffaCakes118
Size: 1.3MB
MD5: aed457762083213729712eab444d8d7c
SHA1: e9fd0d6a7825217d2ffd7e87b2207652b4ad4771
SHA256: b5b2503585f480688286ee4e4e00ee1ffc43af11d5aaa0968110f0d6b42ee267
SHA512: 5f4b7886ef6a358ed6daa8ea4714b99db772a8c8d7fab63bdf0cd99e59c8c63a99279f025826a39ff3346504b1a112c760e922f0a0a6af9815dc9b7c1f7febf1
SSDEEP: 24576:q3Rg0rNF6kwFt+FqIbUvGU/85urF5OS5llucDw0exvETrp6xAy33:qq0rj6kwFt+FqVU2amG33
Malware Config
Signatures
resource yara_rule sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aed457762083213729712eab444d8d7c_JaffaCakes118
Files
aed457762083213729712eab444d8d7c_JaffaCakes118.exe windows:5 windows x86 arch:x86
02b6979f2e252b78d26ba7ae27ecfa68
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dtcommonres
ShowConvertImagesDialog
ShowEraseDiskDialog
ShowDeviceInfo
DevicesListDialog
ShowGrabDiskDialog
AboutDialogShow
SetInvisibleWaitDialog
ShowDeviceParameters
IsDeviceParametersShowed
EditBox
DownloadFileDialog
ShowBurnImageDialog
mpr
WNetAddConnection3W
mfc100u
ord11228
ord11236
ord7391
ord9498
ord11240
ord11209
ord11845
ord5118
ord9328
ord6140
ord890
ord6869
ord5261
ord1296
ord13181
ord2030
ord7618
ord6661
ord13127
ord6870
ord3628
ord9230
ord2683
ord1480
ord9525
ord4805
ord13047
ord11940
ord7006
ord13448
ord13447
ord13446
ord13449
ord10740
ord9342
ord9229
ord9552
ord9647
ord10485
ord14013
ord11123
ord8178
ord10057
ord10412
ord2981
ord2980
ord2756
ord5556
ord12606
ord2417
ord11163
ord10037
ord5125
ord5303
ord8347
ord5851
ord422
ord869
ord5563
ord4511
ord3746
ord2746
ord8264
ord13380
ord5468
ord5802
ord897
ord4356
ord12153
ord12154
ord12801
ord1270
ord980
ord917
ord1313
ord1440
ord1477
ord1311
ord2155
ord5264
ord285
ord2629
ord11516
ord5558
ord12610
ord2887
ord2884
ord7385
ord2418
ord14146
ord14148
ord14147
ord14145
ord14149
ord14132
ord14059
ord14060
ord8277
ord11081
ord3402
ord10937
ord8112
ord6247
ord10045
ord8393
ord2853
ord12724
ord11246
ord11244
ord1501
ord1508
ord1514
ord1512
ord1519
ord4388
ord4425
ord3416
ord3627
ord4404
ord4400
ord4430
ord4421
ord4392
ord4434
ord4413
ord4379
ord4383
ord4416
ord3999
ord14067
ord3992
ord2665
ord13382
ord7109
ord13388
ord6156
ord10725
ord12557
ord5276
ord2339
ord11116
ord3491
ord2952
ord2951
ord2852
ord4642
ord4923
ord5115
ord8483
ord4901
ord5143
ord4645
ord4794
ord4623
ord13568
ord13571
ord13569
ord13572
ord13567
ord13570
ord7179
ord11469
ord13267
ord10976
ord14162
ord1739
ord7126
ord11864
ord3625
ord3684
ord8530
ord13387
ord7108
ord13381
ord11477
ord11476
ord2164
ord4744
ord13854
ord11784
ord7548
ord7624
ord1292
ord4086
ord1990
ord7176
ord267
ord8821
ord7911
ord6344
ord7973
ord13389
ord4519
ord7005
ord11683
ord11494
ord7619
ord4220
ord6145
ord6148
ord3933
ord1302
ord12351
ord4811
ord7876
ord12228
ord4571
ord5052
ord2923
ord2768
ord5868
ord998
ord3493
ord2410
ord13366
ord3438
ord2618
ord7902
ord2780
ord8269
ord5882
ord3985
ord1013
ord8179
ord12487
ord12653
ord11160
ord3971
ord11571
ord12775
ord865
ord1267
ord13342
ord751
ord741
ord2271
ord3611
ord1189
ord5188
ord12895
ord5161
ord12502
ord8599
ord920
ord2763
ord1734
ord4478
ord4802
ord341
ord919
ord788
ord1212
ord337
ord1282
ord880
ord3745
ord5800
ord7929
ord13208
ord11838
ord13214
ord970
ord5846
ord921
ord3436
ord2617
ord7901
ord3749
ord2748
ord8266
ord5809
ord6931
ord6932
ord6922
ord4792
ord7393
ord9333
ord8346
ord2069
ord3413
ord2068
ord11159
ord5198
ord290
ord6727
ord3468
ord11210
ord4360
ord3397
ord4512
ord13415
ord11353
ord1006
ord7871
ord4151
ord280
ord286
ord1479
ord1474
ord1476
ord3433
ord457
ord1310
ord3846
ord7357
ord11801
ord7913
ord4150
ord7524
ord12186
ord11569
ord13396
ord11330
ord2057
ord6036
ord796
ord2614
ord2773
ord4138
ord3703
ord3495
ord7967
ord7529
ord11997
ord11998
ord879
ord2848
ord2578
ord4528
ord1280
ord3428
ord4606
ord11936
ord12940
ord11933
ord12930
ord8036
ord12933
ord12548
ord12871
ord12182
ord11999
ord12007
ord11786
ord2008
ord1992
ord7077
ord6711
ord3978
ord12413
ord12512
ord12510
ord7241
ord381
ord12948
ord12951
ord11870
ord11511
ord11493
ord6996
ord3261
ord4396
ord948
ord1226
ord2939
ord2824
ord6086
ord7246
ord10058
ord1300
ord4358
ord1014
ord3752
ord8270
ord5325
ord5883
ord1266
ord3763
ord2844
ord8273
ord4408
ord6117
ord12628
ord12157
ord5826
ord374
ord12944
ord945
ord7630
ord4355
ord4359
ord2188
ord3482
ord7903
ord3754
ord5900
ord5229
ord11982
ord2184
ord5799
ord5855
ord5801
ord2185
ord6080
ord3446
ord4290
ord1450
ord1987
ord5862
ord1944
ord1934
ord6236
ord1298
ord12152
ord12800
ord7227
ord1905
ord1982
ord2062
ord2064
ord265
ord266
ord6416
ord1233
ord6089
ord826
ord296
ord1312
ord902
ord2089
msvcr100
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_wmakepath_s
_itow_s
_beginthread
_wstat64i32
wcstol
_recalloc
calloc
wcsnlen
wcscat_s
_vsnwprintf
wmemcpy_s
memmove
_wsplitpath_s
wcsrchr
_time64
ceil
_localtime64_s
wcscpy
_wtoi
_ltow_s
wcschr
swprintf_s
??8type_info@@QBE_NABV0@@Z
wcsncpy_s
_wcsicmp
_purecall
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memcpy
__RTDynamicCast
memmove_s
memcpy_s
wcslen
wcscpy_s
__CxxFrameHandler3
malloc
free
memset
kernel32
InterlockedCompareExchange
GetVersion
MultiByteToWideChar
FreeResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
GetModuleHandleW
GetProcAddress
SetLastError
DeactivateActCtx
GetLastError
ActivateActCtx
GetCPInfo
Sleep
FreeLibrary
WideCharToMultiByte
GetCurrentThreadId
FindResourceA
CloseHandle
CreateThread
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCommandLineW
FindFirstFileW
lstrlenW
DisconnectNamedPipe
ReadFile
WriteFile
GetOverlappedResult
WaitForMultipleObjects
SetEvent
ConnectNamedPipe
CreateEventW
GetCurrentProcessId
CreateNamedPipeW
WaitForSingleObject
OpenEventW
CreateMutexW
GlobalAddAtomW
HeapDestroy
HeapReAlloc
HeapSize
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetDriveTypeW
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedExchange
MulDiv
GetTickCount
HeapFree
FlushInstructionCache
HeapAlloc
GetProcessHeap
lstrcpyW
DeleteAtom
CopyFileW
GetTempFileNameW
GetTempPathW
LoadLibraryExW
TryEnterCriticalSection
GetVersionExW
GlobalLock
GlobalUnlock
IsValidLocale
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteFileW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
FormatMessageW
MoveFileExW
GlobalAlloc
GetSystemInfo
LocalFree
CreateDirectoryW
CreateFileW
GetCurrentProcess
GetSystemTimeAsFileTime
FindResourceExW
SizeofResource
user32
IsWindowEnabled
GetDlgItemTextW
CheckDlgButton
MessageBeep
DialogBoxIndirectParamW
GetDialogBaseUnits
GetWindowTextLengthW
DefWindowProcW
RemovePropW
SetPropW
DrawFocusRect
GetPropW
CallWindowProcW
LoadCursorW
SetFocus
SetCursor
SendMessageTimeoutW
IsWindowVisible
SetDlgItemTextW
EnableMenuItem
GetSystemMenu
GetWindowThreadProcessId
MonitorFromWindow
GetMonitorInfoW
MoveWindow
EndPaint
FrameRect
BeginPaint
OffsetRect
InflateRect
GetAsyncKeyState
IsWindow
GetTopWindow
GetWindow
ReleaseCapture
GetCapture
PtInRect
SetCapture
ClientToScreen
GetIconInfo
GetWindowPlacement
ShowWindow
UpdateWindow
GetWindowLongW
SetWindowLongW
GetDesktopWindow
InvalidateRect
GetClientRect
GetWindowTextW
SetWindowPos
ExitWindowsEx
LoadImageW
RegisterHotKey
UnregisterHotKey
AllowSetForegroundWindow
GetCursorPos
GetDoubleClickTime
SetForegroundWindow
LoadMenuW
UnhookWindowsHookEx
GetDlgCtrlID
GetFocus
GetParent
GetActiveWindow
GetWindowRect
RegisterWindowMessageW
PostMessageW
MessageBoxW
DialogBoxParamW
EndDialog
SetWindowTextW
GetDlgItem
SetWindowTextA
CreateWindowExW
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
DestroyWindow
SetMenuDefaultItem
EnableWindow
SetWindowsHookExW
LoadIconW
WindowFromPoint
CallNextHookEx
GetMessagePos
ScreenToClient
SendMessageW
GetSysColorBrush
GetSystemMetrics
SystemParametersInfoW
DrawIconEx
DestroyIcon
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ReleaseDC
GetDC
ModifyMenuW
InsertMenuW
GetSubMenu
GetMenuItemInfoW
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuW
DeleteMenu
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapW
CopyRect
SetRect
GetSysColor
UnregisterClassA
gdi32
SetDIBits
RoundRect
SetBkColor
SetTextColor
GetTextMetricsW
GetTextFaceW
SetBkMode
GetStockObject
GetBitmapBits
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextExtentPoint32W
SetPixel
GetPixel
BitBlt
PatBlt
Rectangle
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
CreateFontIndirectW
CreateSolidBrush
CreatePen
CreateDCW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteKeyW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetTokenInformation
OpenProcessToken
shell32
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
DuplicateIcon
SHGetSpecialFolderPathW
SHGetDiskFreeSpaceExW
DragQueryFileW
ord680
Shell_NotifyIconW
ord190
SHCreateShellItem
SHChangeNotify
comctl32
_TrackMouseEvent
ImageList_GetIconSize
shlwapi
PathFindExtensionW
ole32
RegisterDragDrop
RevokeDragDrop
CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
oleaut32
SysAllocStringLen
VarBstrCmp
VarBstrCat
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen
VarBstrFromDate
msvcp100
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
Sections
.text Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 77KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 871KB - Virtual size: 871KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 86KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE