b7f511246076f153cb051673af895b67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7f511246076f153cb051673af895b67_JaffaCakes118
Size

245KB
MD5

b7f511246076f153cb051673af895b67
SHA1

1301df4bcf80bb44612642d9ec0809b6f5802fc3
SHA256

1a0dfe7f1c0b6b38bb1c7be4f99f676d76ca8ad681327289fae6eb09c3f963a6
SHA512

d18f8044260fd3a2043b4577a82362f2f40f554a0ddcacdb6ed38830bf787f14e0499e46da0f136213fe7071f46968a9afdfcf400d26161adaa5b3b80d59e516
SSDEEP

6144:dXNyABJJZSWNO3whXVs3P9QWciJXATtkJ31ZQruCoJ:dXNyAzJBNKFPrJXATtq/QrXoJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7f511246076f153cb051673af895b67_JaffaCakes118

Files

b7f511246076f153cb051673af895b67_JaffaCakes118
.dll windows:5 windows x86 arch:x86

52800a4b05aca77e9840b3cf8d71630b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SendInput
MessageBoxA

d3dx9_43

D3DXCreateFontW

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52800a4b05aca77e9840b3cf8d71630b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

d3dx9_43

Sections

.textbss Size: - Virtual size: 96KB

.text Size: - Virtual size: 216KB

.rdata Size: - Virtual size: 32KB

.data Size: - Virtual size: 67KB

.idata Size: - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 1KB

.vmp0 Size: - Virtual size: 8KB

.vmp1 Size: - Virtual size: 118KB

.vmp2 Size: 243KB - Virtual size: 243KB

.reloc Size: 512B - Virtual size: 188B

.textbss
Size: - Virtual size: 96KB

.text
Size: - Virtual size: 216KB

.rdata
Size: - Virtual size: 32KB

.data
Size: - Virtual size: 67KB

.idata
Size: - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 1KB

.vmp0
Size: - Virtual size: 8KB

.vmp1
Size: - Virtual size: 118KB

.vmp2
Size: 243KB - Virtual size: 243KB

.reloc
Size: 512B - Virtual size: 188B