b9cabfd9cb2bad91f0bfc899c54d8a2d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9cabfd9cb2bad91f0bfc899c54d8a2d_JaffaCakes118
Size

144KB
MD5

b9cabfd9cb2bad91f0bfc899c54d8a2d
SHA1

5d5489f04027ff481896d87210fffc8973b193d3
SHA256

1a1af3e200c0376bf21c1f9bef0a0e8f3010856359b7c2627724ea76276708f0
SHA512

d756f5bf72f37beed8bb08e35926bfe9eee1211618f9dc6c5800e772518ba833a1d8942e7c95b0b670fa3d47250f1112a729b1eb607762db97974eec8a6e4d64
SSDEEP

3072:hYVCWsgqnK366L5WnjjQZ0GCt5Ti640YacoX3kJ/Z4t:yVCa366LEjJVVdYacoX3k4t

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9cabfd9cb2bad91f0bfc899c54d8a2d_JaffaCakes118

Files

b9cabfd9cb2bad91f0bfc899c54d8a2d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2f27510a5988334e5e595bea885a82b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenA
GetStartupInfoA
lstrcatA
CloseHandle
WriteFile
CreateFileA
GlobalFree
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
ResumeThread
SetThreadPriority
CreateProcessA
GetSystemDirectoryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
MessageBoxA

advapi32

RegSetValueExA
RegOpenKeyA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

mfc42

ord535
ord800
ord924
ord537

msvcrt

_onexit
_exit
_XcptFilter
__dllonexit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__CxxFrameHandler
exit
_acmdln

msvcp60

??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f27510a5988334e5e595bea885a82b3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

mfc42

msvcrt

msvcp60

Sections

.text Size: - Virtual size: 2KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 356B

.rsrc Size: 4KB - Virtual size: 154KB

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 132KB - Virtual size: 129KB

.reloc Size: 4KB - Virtual size: 112B

.text
Size: - Virtual size: 2KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 356B

.rsrc
Size: 4KB - Virtual size: 154KB

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 132KB - Virtual size: 129KB

.reloc
Size: 4KB - Virtual size: 112B