Behavioral task: behavioral1
Sample: bf94cb55661c52b0a35f51f4f4c85954_JaffaCakes118.exe
Resource: win7-20240705-en
General
Target: bf94cb55661c52b0a35f51f4f4c85954_JaffaCakes118
Size: 3.8MB
MD5: bf94cb55661c52b0a35f51f4f4c85954
SHA1: f7000a83dd4148a217a0beb2d47f7a5f75ecc30b
SHA256: 48630991c901ac1087467a8096be98339f78d9684007d9af02bd2406e3c48a50
SHA512: 64acd04a694953e58bf174a382d4d2d0a766e6c776ba8e405aeeff9a79d0f1b18a2763c83babff7316731de14e28fc786b35032178b45cc9672e3167414cadc4
SSDEEP: 98304:iAAM9Fw5u4b2Doxa/bNYY76yUI/ju0F1wm/P5:iIFElb2Doxa/bN1ey/t2m/h
Malware Config
Signatures
YARA rule match: vmprotect (resource: sample)
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: bf94cb55661c52b0a35f51f4f4c85954_JaffaCakes118
Files
bf94cb55661c52b0a35f51f4f4c85954_JaffaCakes118.exe windows:5 windows x86 arch:x86
fdb916dcd720ae19d666474d3cfa9911
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetCrackUrlW
InternetCloseHandle
InternetGetConnectedState
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpQueryInfoW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetQueryOptionW
kernel32
HeapFree
HeapAlloc
RaiseException
GetDriveTypeW
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
SetStdHandle
GetFileType
ExitThread
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CompareStringA
CompareStringW
SetUnhandledExceptionFilter
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
RtlUnwind
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
CreateFileA
GetDriveTypeA
GetACP
GetOEMCP
SetEnvironmentVariableA
GetCurrentThreadId
lstrcmpW
CreateEventW
CloseHandle
SetEvent
SetThreadPriority
GetTickCount
Sleep
TerminateThread
WaitForSingleObject
ResumeThread
CreateFileW
GetLastError
CreateMutexW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpynW
GetVersionExW
lstrlenW
GetModuleHandleW
GlobalUnlock
GlobalLock
InterlockedExchange
GetProfileStringA
GlobalAddAtomA
FindResourceA
ExitProcess
GetStartupInfoW
SetErrorMode
GetCurrentDirectoryW
FindResourceExW
SystemTimeToFileTime
LocalFileTimeToFileTime
GetProfileIntW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
GetStringTypeExW
GetVolumeInformationW
UnlockFile
LockFile
DuplicateHandle
GlobalFlags
lstrcmpiW
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetProcessVersion
lstrcmpA
lstrcmpiA
GetCurrentThread
SuspendThread
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetFullPathNameW
GetTempFileNameW
GetFileAttributesW
GlobalGetAtomNameW
MulDiv
FindNextFileW
SetLastError
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
lstrlenA
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalSize
CreateThread
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
GetFileSize
SetCurrentDirectoryW
GlobalFree
CopyFileW
GetWindowsDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CreateProcessW
OpenProcess
TerminateProcess
GetExitCodeProcess
GetPrivateProfileStringW
GetTempPathW
CreateDirectoryW
FindFirstFileW
FindClose
GetShortPathNameW
GetCurrentProcess
GetLocaleInfoW
GetNumberFormatW
LocalFree
MoveFileW
DeleteFileW
GetCPInfo
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
SetRect
EndPaint
BeginPaint
GetWindowDC
wvsprintfW
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetTopWindow
IsChild
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
TrackPopupMenu
GetWindowTextLengthW
GetWindowTextW
CreateWindowExW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
IntersectRect
SystemParametersInfoW
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
BeginDeferWindowPos
EndDeferWindowPos
MessageBoxW
DrawAnimatedRects
AppendMenuW
RemovePropW
SetPropW
SetClassLongW
SetMenu
PeekMessageW
SetRectEmpty
IsWindowUnicode
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
ExitWindowsEx
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
FindWindowExW
RedrawWindow
GetWindowLongW
SetWindowLongW
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
GetClassNameA
SetWindowLongA
SetPropA
GetDlgCtrlID
SetWindowPos
GetMenu
DrawFrameControl
IsWindowEnabled
RegisterWindowMessageW
GetDC
ReleaseDC
DrawFocusRect
KillTimer
SetTimer
GetWindow
GetPropW
IsIconic
GetLastActivePopup
CheckMenuRadioItem
GetCursorPos
SetCursor
LoadAcceleratorsW
TranslateAcceleratorW
SetParent
PostThreadMessageW
LockWindowUpdate
GetDCEx
IsClipboardFormatAvailable
CharUpperW
GetClassNameW
UpdateWindow
CallNextHookEx
WindowFromPoint
ScreenToClient
SetFocus
ReleaseCapture
keybd_event
SetWindowsHookExW
UnhookWindowsHookEx
GetCapture
SetCapture
GetMenuStringW
GetMenuItemCount
GetMenuItemID
DestroyMenu
IsWindowVisible
GetSystemMetrics
TrackPopupMenuEx
DeleteMenu
GetDesktopWindow
InvalidateRect
OffsetRect
GetSysColor
GetFocus
InflateRect
GetPropA
GrayStringW
DrawTextW
TabbedTextOutW
CopyRect
GetSysColorBrush
RegisterClipboardFormatW
ShowOwnedPopups
PostQuitMessage
MapDialogRect
GetAsyncKeyState
IsZoomed
ValidateRect
LoadStringW
BringWindowToTop
UnpackDDElParam
MsgWaitForMultipleObjects
ReuseDDElParam
GetParent
PostMessageW
LoadMenuW
GetSubMenu
ClientToScreen
PtInRect
SetMenuDefaultItem
GetSystemMenu
InsertMenuW
GetWindowRect
CheckMenuItem
DestroyIcon
LoadIconW
LoadImageW
IsWindow
GetClientRect
DestroyCursor
LoadBitmapW
LoadCursorW
GetKeyState
SendMessageW
SetForegroundWindow
EnableWindow
CharNextA
DefWindowProcA
DefDlgProcA
GetClassInfoA
DrawTextA
GetWindowTextA
ExcludeUpdateRgn
ShowCaret
HideCaret
GetWindowTextLengthA
UnregisterClassW
SetActiveWindow
GetProcessWindowStation
GetUserObjectInformationW
gdi32
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
GetDeviceCaps
CreatePen
CreateSolidBrush
CreatePatternBrush
SetRectRgn
GetCharWidthW
CreateFontW
GetTextMetricsW
EnumFontFamiliesExW
CopyMetaFileW
CreateRectRgn
CombineRgn
SetTextColor
SetBkMode
CreateBitmap
SetBkColor
SaveDC
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
StretchDIBits
SetDIBitsToDevice
RestoreDC
CreateDIBSection
DeleteDC
PatBlt
DeleteObject
SelectObject
GetBkMode
GetBkColor
GetTextColor
GetTextExtentPoint32W
BitBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
GetObjectW
ExtTextOutA
GetTextExtentPointA
CreateDIBitmap
CreateFontIndirectW
comdlg32
GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueW
RegSetValueExW
RegCreateKeyW
RegSetValueW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
SetFileSecurityW
GetFileSecurityW
RegCloseKey
shell32
DragAcceptFiles
DragQueryFileW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetDesktopFolder
Shell_NotifyIconW
SHFileOperationW
ExtractIconW
SHGetFileInfoW
DragFinish
SHGetSpecialFolderPathW
comctl32
ImageList_DragEnter
ImageList_DragLeave
ImageList_BeginDrag
ImageList_GetImageInfo
ImageList_Draw
ImageList_AddMasked
ImageList_DragMove
_TrackMouseEvent
ImageList_GetImageCount
ord17
ImageList_Destroy
ImageList_Create
ImageList_DrawIndirect
PropertySheetW
DestroyPropertySheetPage
ImageList_EndDrag
CreatePropertySheetPageW
oledlg
OleUIBusyW
ole32
CoRegisterMessageFilter
OleGetClipboard
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
OleDuplicateData
RegisterDragDrop
oleaut32
SysFreeString
SysAllocString
shlwapi
PathIsFileSpecW
PathGetCharTypeW
PathRemoveFileSpecW
PathFindExtensionW
PathIsURLW
PathFindFileNameW
PathIsDirectoryW
PathFileExistsW
Sections
.text Size: - Virtual size: 1.3MB Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 218KB Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 817KB Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.5MB Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.vmp1 Size: 3.8MB Virtual size: 3.8MB Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rsrc Size: 72KB Virtual size: 295KB Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ