bd558201c71d98c42ca5446482372730_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd558201c71d98c42ca5446482372730_JaffaCakes118
Size

420KB
MD5

bd558201c71d98c42ca5446482372730
SHA1

4fcf34b4e2acb762c4ab51019f9760d3e16f6c0d
SHA256

995817d8e5be2caa17a728e39ce8a7963df29b535949b6986f1eaebc90b91ec7
SHA512

bf7cae85f51a45b54e8a811b473a6cb923cd413aa0b1f813d5c8f7ab3b93897836c5b20728ef7c84d78933bf0eed109643551c4abf2d9e2e25437bc99e4cd82d
SSDEEP

6144:UIEuZi3QrY8G0QtZAGQ0hBK0IauE2W0L2g2yRCSwz6cUABXA71M6KqI0KpC/tFV:97t837AGQ0bReL5Z7C1y1M+xIct/

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd558201c71d98c42ca5446482372730_JaffaCakes118

Files

bd558201c71d98c42ca5446482372730_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e6637139d9549c9297cb3981a3ca96a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FindCloseUrlCache

ws2_32

setsockopt

mfc42

ord609

msvcrt

abort

kernel32

GlobalUnlock
LoadLibraryA
VirtualProtect
GetModuleFileNameA

user32

FrameRect
MessageBoxA

gdi32

DPtoLP

advapi32

RegOpenKeyExA

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent

ole32

CoCreateInstance

wsock32

listen

winmm

PlaySoundA

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

netapi32

Netbios

Sections

.text
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 384KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e6637139d9549c9297cb3981a3ca96a

Headers

File Characteristics

Imports

wininet

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

wsock32

winmm

msvcp60

netapi32

Sections

.text Size: - Virtual size: 152KB

.rdata Size: - Virtual size: 35KB

.data Size: - Virtual size: 129KB

.rsrc Size: 28KB - Virtual size: 42KB

.vmp0 Size: - Virtual size: 142KB

.vmp1 Size: 384KB - Virtual size: 381KB

.reloc Size: 4KB - Virtual size: 41KB

.text
Size: - Virtual size: 152KB

.rdata
Size: - Virtual size: 35KB

.data
Size: - Virtual size: 129KB

.rsrc
Size: 28KB - Virtual size: 42KB

.vmp0
Size: - Virtual size: 142KB

.vmp1
Size: 384KB - Virtual size: 381KB

.reloc
Size: 4KB - Virtual size: 41KB