b4fbe27fbdd616fac1d37009c1d3705f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4fbe27fbdd616fac1d37009c1d3705f_JaffaCakes118
Size

460KB
MD5

b4fbe27fbdd616fac1d37009c1d3705f
SHA1

80511f850ac393275dc7632910b1e64e2dc95466
SHA256

45e37f7ba0f0789711bff6f4d4c65eef030cec98d2ca9e905818a92a2ac5910e
SHA512

1223d2df6919df666f028f1fe335007135e373768d22ebec2d144118ac5eb6c88242f149c0f5a8b9d6dd4eea5247a08e53a711fed77bc3c8073ddc3cf60f0436
SSDEEP

12288:EANF5lY8wymjXkl2SEgCKd74FvROaZNZx3xeT:fNF3vbf3d74FvR5NZfeT

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4fbe27fbdd616fac1d37009c1d3705f_JaffaCakes118

Files

b4fbe27fbdd616fac1d37009c1d3705f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4dcceef50530a47f9e23916db9039e9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ClientToScreen
GetAsyncKeyState
GetSystemMetrics
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
wsprintfW
PrintWindow
IsIconic
ShowWindow
MoveWindow
GetWindowRect
IsWindow
GetParent
GetClientRect
FindWindowA
EnumDisplaySettingsA
ReleaseDC
GetDC
MsgWaitForMultipleObjects
GetGUIThreadInfo
GetForegroundWindow
CallWindowProcA
keybd_event
mouse_event
PostMessageA
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
IsWindowVisible
GetWindow
GetDesktopWindow

kernel32

SetFilePointer
GetOEMCP
GetACP
GetCPInfo
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
SetProcessWorkingSetSize
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
Module32First
CreateThread
Sleep
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetCurrentThread
Beep
LoadLibraryA
VirtualQueryEx
VirtualProtect
LocalSize
RtlMoveMemory
InterlockedDecrement
RtlZeroMemory
lstrcpyn
IsBadReadPtr
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
TerminateProcess
OpenProcess
CreateProcessA
CreateWaitableTimerA
SetWaitableTimer
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetProcessHeap
CreateEventW
GetLocalTime
HeapAlloc
VirtualAlloc
VirtualFree
HeapFree
HeapReAlloc
GetModuleFileNameA
GetTickCount
LCMapStringA
GetVersionExA
WideCharToMultiByte
FreeEnvironmentStringsW
InterlockedIncrement
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringW
SetStdHandle
FlushFileBuffers
IsBadWritePtr
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

winmm

timeSetEvent

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

gdi32

GetObjectA
BitBlt
CreateDIBSection
CreateCompatibleDC
GetDIBits
TextOutA
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectA
DeleteDC
GetPixel
DeleteObject
CreateCompatibleBitmap

Exports

Exports

EventTimer

Sections

.text
Size: - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 452KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dcceef50530a47f9e23916db9039e9f

Headers

File Characteristics

Imports

user32

kernel32

winmm

advapi32

gdi32

Exports

Exports

Sections

.text Size: - Virtual size: 105KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 333KB

.vmp0 Size: - Virtual size: 6KB

.vmp1 Size: - Virtual size: 107KB

.vmp2 Size: 452KB - Virtual size: 450KB

.reloc Size: 4KB - Virtual size: 276B

.text
Size: - Virtual size: 105KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 333KB

.vmp0
Size: - Virtual size: 6KB

.vmp1
Size: - Virtual size: 107KB

.vmp2
Size: 452KB - Virtual size: 450KB

.reloc
Size: 4KB - Virtual size: 276B