bc731ed5dd8edda4b8ec17e09b683ca2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc731ed5dd8edda4b8ec17e09b683ca2_JaffaCakes118
Size

309KB
MD5

bc731ed5dd8edda4b8ec17e09b683ca2
SHA1

f279c4f9addca17527aa70afc93a75a8ccd065a2
SHA256

a5bd1a9ec8d3f8c5ead3a72b128168d9554947a0fa6843ead0ed8f357f0fc772
SHA512

af0d59716ec40ecd0444d81741746c8af90e138cbff6540bdb3c550511dd8b06d004bd719653d0d89b34b8724fa0359fdaef5044a1eb510a6af9152afa1e5b9c
SSDEEP

6144:MxVqMUy3vbZNgqVrbUq5TxZHHqXTGD7jCCI4zxoO75XUOp:IVqZyf1KqVn5VZsTGrFlzxDDp

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc731ed5dd8edda4b8ec17e09b683ca2_JaffaCakes118

Files

bc731ed5dd8edda4b8ec17e09b683ca2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

128297dd826975aec0f4045cbe5db2f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

Sections

CODE
Size: - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

128297dd826975aec0f4045cbe5db2f3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

Sections

CODE Size: - Virtual size: 375KB

DATA Size: - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: - Virtual size: 8KB

.vmp0 Size: - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 36KB

.vmp1 Size: - Virtual size: 36KB

.vmp2 Size: 303KB - Virtual size: 302KB

.reloc Size: 512B - Virtual size: 188B

CODE
Size: - Virtual size: 375KB

DATA
Size: - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: - Virtual size: 8KB

.vmp0
Size: - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 36KB

.vmp1
Size: - Virtual size: 36KB

.vmp2
Size: 303KB - Virtual size: 302KB

.reloc
Size: 512B - Virtual size: 188B