af07820fcb901881de7ce1771f87cd29_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af07820fcb901881de7ce1771f87cd29_JaffaCakes118
Size

3.2MB
MD5

af07820fcb901881de7ce1771f87cd29
SHA1

4376fa88cb7f4a40f43a255183b9ec0fc509ac4b
SHA256

7fb8135fe14e38d3eceb01854ef56e092d5aa783e735dcab4cee44381a9d043b
SHA512

6bcee482e3c2936b3e84f5250eb5172acd17f7666d4a2d73dd4a44f7c8d26a6b9f8dfd7c1772fc101e3f48748f15062b2c48ccf129ec0785d5e883b4b74e753c
SSDEEP

98304:x1tj8OmNQ2yPQ8d8KcV1n29fBrjwi1KRWQ1/OL:xgRXT8qh0jqR91/OL

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/MediaPatcher.exe	vmprotect
static1/unpack001/agbot.exe	vmprotect
static1/unpack001/mc65.exe	vmprotect

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MediaPatcher.exe
unpack001/agbot.exe
unpack001/mc18.exe
unpack001/mc65.exe

Files

af07820fcb901881de7ce1771f87cd29_JaffaCakes118
.zip
MediaPatcher.exe
.exe windows:4 windows x86 arch:x86

4dd9bde8ec329ace3bf646dfe9d45c1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord516

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
agbot.exe
.exe windows:4 windows x86 arch:x86

2cc0914792a83a5ebdd29467bc501e14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaAryMove

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
data/Item.txt
data/MOpt.txt
data/Mobs.txt
data/Skill.txt
data/nleveldata.txt
data/npcdata.txt
data/nteleportbuilding.txt
data/nteleportdata.txt
datar/Item.txt
datar/MOpt.txt
datar/Mobs.txt
datar/Skill.txt
datar/nleveldata.txt
datar/npcdata.txt
datar/nteleportbuilding.txt
datar/nteleportdata.txt
mc18.exe
.exe windows:5 windows x86 arch:x86

8f742d2708a5d82f47f0a23fae50b315

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Admin\Downloads\edxSilkroadLoader5_0_3d\src\Release\eLoa.pdb

Imports

kernel32

CreateFileA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
IsBadReadPtr
ReadProcessMemory
FlushInstructionCache
GetProcAddress
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
CreateFileMappingA
CloseHandle
ResumeThread
GetFullPathNameA
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetStdHandle
CreateDirectoryA
GetCurrentDirectoryA
WriteProcessMemory
CreateProcessA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
GetFileType
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
WriteFile
GetModuleFileNameA
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA

user32

MessageBoxA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mc65.exe
.exe windows:5 windows x86 arch:x86

9afe4c19c34a5a09f8cba8810a00463e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sror.png
.png
sror.txt

Sharing

General

Malware Config

Signatures

Files

4dd9bde8ec329ace3bf646dfe9d45c1a

Headers

File Characteristics

Imports

msvbvm60

kernel32

Sections

.text Size: - Virtual size: 52KB

.data Size: - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 16B

.vmp0 Size: - Virtual size: 28KB

.vmp1 Size: 84KB - Virtual size: 81KB

2cc0914792a83a5ebdd29467bc501e14

Headers

File Characteristics

Imports

msvbvm60

kernel32

Sections

.text Size: - Virtual size: 3.7MB

.data Size: - Virtual size: 144KB

.rsrc Size: 4KB - Virtual size: 256KB

.vmp0 Size: - Virtual size: 60KB

.vmp1 Size: 1.4MB - Virtual size: 1.4MB

8f742d2708a5d82f47f0a23fae50b315

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 8KB

9afe4c19c34a5a09f8cba8810a00463e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: - Virtual size: 98KB

.rdata Size: - Virtual size: 19KB

.data Size: - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 2KB

.vmp0 Size: - Virtual size: 8KB

.vmp1 Size: - Virtual size: 84KB

.vmp2 Size: 189KB - Virtual size: 188KB

.reloc Size: 512B - Virtual size: 92B

.text
Size: - Virtual size: 52KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 16B

.vmp0
Size: - Virtual size: 28KB

.vmp1
Size: 84KB - Virtual size: 81KB

.text
Size: - Virtual size: 3.7MB

.data
Size: - Virtual size: 144KB

.rsrc
Size: 4KB - Virtual size: 256KB

.vmp0
Size: - Virtual size: 60KB

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: - Virtual size: 98KB

.rdata
Size: - Virtual size: 19KB

.data
Size: - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 2KB

.vmp0
Size: - Virtual size: 8KB

.vmp1
Size: - Virtual size: 84KB

.vmp2
Size: 189KB - Virtual size: 188KB

.reloc
Size: 512B - Virtual size: 92B