b784b8fc31ba168b2ce34e924bf4d41e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b784b8fc31ba168b2ce34e924bf4d41e_JaffaCakes118
Size

2.4MB
MD5

b784b8fc31ba168b2ce34e924bf4d41e
SHA1

af4465761498ec9194890299436e3aeaa0c3e779
SHA256

5fbd331213806bad6c9f930a22a1e103949759e2ad0f4e88d7edc9f0e66547f0
SHA512

ece62dc8c7c232da69faae15ae967f181195fcd2de5cfcd6d5853df92617f821945db8607a1081a18fd4c29af7dbb7e13744c832c53ecbfad401a3fc8a7808ce
SSDEEP

49152:C/IIGhOdVTuEKYr0yo3B8CHR9mTosT8I00gSMxCT3WCndJ78pWmyQ1wQb3AMIiPG:C/IfMDKXyy8CHl3IFgSM8r1dJyt0MIm+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b784b8fc31ba168b2ce34e924bf4d41e_JaffaCakes118

Files

b784b8fc31ba168b2ce34e924bf4d41e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00eab8a06b10854141d2797ee3f81af9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutClose

ws2_32

accept

rasapi32

RasGetConnectStatusA

kernel32

LCMapStringA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DestroyMenu

gdi32

EndPage

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

VariantChangeType

comctl32

ord17

oledlg

ord8

wininet

HttpOpenRequestA

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00eab8a06b10854141d2797ee3f81af9

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 510KB

.rdata Size: - Virtual size: 2.9MB

.data Size: - Virtual size: 308KB

.rsrc Size: 28KB - Virtual size: 40KB

.vmp0 Size: - Virtual size: 373KB

.vmp1 Size: 2.3MB - Virtual size: 2.3MB

.text
Size: - Virtual size: 510KB

.rdata
Size: - Virtual size: 2.9MB

.data
Size: - Virtual size: 308KB

.rsrc
Size: 28KB - Virtual size: 40KB

.vmp0
Size: - Virtual size: 373KB

.vmp1
Size: 2.3MB - Virtual size: 2.3MB