b63fa0bfeef7d2dc10fa6a458c985a79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b63fa0bfeef7d2dc10fa6a458c985a79_JaffaCakes118
Size

836KB
MD5

b63fa0bfeef7d2dc10fa6a458c985a79
SHA1

53414cb1332202c545a8b5d7dded6bc3fdea8cad
SHA256

4503ac77c25fe17578ef5061c4101d1de9333caa9eb23f821d4305ed329e6f25
SHA512

64d310423e80f80965821a04375897f1268d8cef0a9ca840f8a38000a308c6d0d0eb24a60a172c6b685b4fb1c57284de169eadaf6e10c30ff90ab94d649c0f62
SSDEEP

24576:JqESle3u3c0jdSqd8PNpjRXLs82uh5fsnAuk:cES03u3rAqWPNRpY8zh5EAv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b63fa0bfeef7d2dc10fa6a458c985a79_JaffaCakes118

Files

b63fa0bfeef7d2dc10fa6a458c985a79_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4ba0660a8bc16e86151ebfa017c04208

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

midiStreamRestart

ws2_32

getpeername

kernel32

MultiByteToWideChar
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetActiveWindow

gdi32

CreatePen

winspool.drv

OpenPrinterA

advapi32

RegDeleteKeyA

shell32

ShellExecuteA

ole32

CLSIDFromString

oleaut32

RegisterTypeLi

comctl32

ord17

comdlg32

GetOpenFileNameA

Exports

Exports

1|?�¨�y��?
?a?��
RunDllHostCallBack
_?��̨�??
_��?��3��D��?a��?

Sections

.text
Size: - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 820KB - Virtual size: 816KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ba0660a8bc16e86151ebfa017c04208

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 507KB

.rdata Size: - Virtual size: 81KB

.data Size: - Virtual size: 223KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 77KB

.vmp1 Size: - Virtual size: 476KB

.vmp2 Size: 820KB - Virtual size: 816KB

.reloc Size: 4KB - Virtual size: 256B

.text
Size: - Virtual size: 507KB

.rdata
Size: - Virtual size: 81KB

.data
Size: - Virtual size: 223KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 77KB

.vmp1
Size: - Virtual size: 476KB

.vmp2
Size: 820KB - Virtual size: 816KB

.reloc
Size: 4KB - Virtual size: 256B