b4ff1b77030f6a77b3c4e14197dab846_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4ff1b77030f6a77b3c4e14197dab846_JaffaCakes118
Size

2.4MB
MD5

b4ff1b77030f6a77b3c4e14197dab846
SHA1

517ee23a0241950be887b84b1b4c5dc02f459cb8
SHA256

599da6176179f9c35f9a8c7ef16ebc6e2b6f1975d1462a960c8b98f9bb81da13
SHA512

ef7025bba73aa5f6aa27ab23f759ee87dcbefec6667a8985dc6b6c0484b296a33daf96f99634de9b8226a69bbe68bed3fd674daaad0981fe2e932eeb1aec0ede
SSDEEP

49152:X3tGhUYXqB8+t1oFHbBjOLFb/EK2pzynR3/WyxH2zIdqmDqprW6:tAUYXmTDodbBep/EzpmNN7HDM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4ff1b77030f6a77b3c4e14197dab846_JaffaCakes118

Files

b4ff1b77030f6a77b3c4e14197dab846_JaffaCakes118
.exe windows:4 windows x86 arch:x86

19e9c290b7e494dd525b9c35ebf42814

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

winmm

waveOutClose

ws2_32

recvfrom

kernel32

DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

BeginPaint

gdi32

SetStretchBltMode

winspool.drv

ClosePrinter

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CoFreeUnusedLibraries

oleaut32

OleCreateFontIndirect

comctl32

ImageList_Duplicate

oledlg

ord8

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 72KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 895KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19e9c290b7e494dd525b9c35ebf42814

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 319KB

.vmp0 Size: 72KB - Virtual size: 91KB

.vmp1 Size: - Virtual size: 895KB

.vmp2 Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 72KB - Virtual size: 68KB

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 319KB

.vmp0
Size: 72KB - Virtual size: 91KB

.vmp1
Size: - Virtual size: 895KB

.vmp2
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 72KB - Virtual size: 68KB