baf68340422b75b48e910cdbeb7511cf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

baf68340422b75b48e910cdbeb7511cf_JaffaCakes118
Size

436KB
MD5

baf68340422b75b48e910cdbeb7511cf
SHA1

9d4a2d99e097156c6ed2135d6685c6ecc64a5439
SHA256

44fb0b35964e0cb99b45b0a46353ea2abd1a4bd01b7d86fff94b9a6b5415a7b3
SHA512

38130595c9b95ba02f333d47867fce437d96f1a88350ef1f74965625c7cd6436b1a336fd1b60198507cf58601fb3a29da9499f6c25115a82677637bf98016607
SSDEEP

12288:nouztr4RaIwn+/RdDjaPsXOkqzCrRCgZ03KN59v+z9ncuX:oCZIwnIDGPsXzqG9hZ/N5N+z9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baf68340422b75b48e910cdbeb7511cf_JaffaCakes118

Files

baf68340422b75b48e910cdbeb7511cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

96c8c8e5995e174e2449eae5e7b0666f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

InvalidateRect
MessageBoxA

gdi32

SetWindowExtEx

comdlg32

GetOpenFileNameA

winspool.drv

ClosePrinter

advapi32

LookupPrivilegeValueA

shell32

Shell_NotifyIconA

comctl32

ord17

oledlg

ord8

ole32

OleInitialize

olepro32

ord253

oleaut32

VariantTimeToSystemTime

winmm

sndPlaySoundA

wininet

InternetGetLastResponseInfoA

Sections

.text
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96c8c8e5995e174e2449eae5e7b0666f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

winmm

wininet

Sections

.text Size: - Virtual size: 504KB

.rdata Size: - Virtual size: 62KB

.data Size: - Virtual size: 79KB

.rsrc Size: 16KB - Virtual size: 35KB

.vmp0 Size: - Virtual size: 126KB

.vmp1 Size: 412KB - Virtual size: 411KB

.reloc Size: 4KB - Virtual size: 120B

.text
Size: - Virtual size: 504KB

.rdata
Size: - Virtual size: 62KB

.data
Size: - Virtual size: 79KB

.rsrc
Size: 16KB - Virtual size: 35KB

.vmp0
Size: - Virtual size: 126KB

.vmp1
Size: 412KB - Virtual size: 411KB

.reloc
Size: 4KB - Virtual size: 120B