bf9820790216b157ce19d6e9b1574e30_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf9820790216b157ce19d6e9b1574e30_JaffaCakes118
Size

438KB
MD5

bf9820790216b157ce19d6e9b1574e30
SHA1

1bd1ce9f13c7a4c8b5d424a68521c323750100b7
SHA256

e81d78b43ca73e19a5b27ffe4164740e96d39cd49c035ae72bc5ead37a7ac4db
SHA512

18011eee1b7d74a99b558e86ebc538bf65046e63c44c962f8ce258c44f73b7a694eae390e7ccb3eca71169b2f83020c3f0d29bdddb98926c1e6efc0f6121b59b
SSDEEP

12288:/889LvFivyqlgU6OeuUbnS1EGQg8SKG+sCxZozI:/X9LcpgDnkToGlIWI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf9820790216b157ce19d6e9b1574e30_JaffaCakes118

Files

bf9820790216b157ce19d6e9b1574e30_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a46f23961fa5acea150d4a7787830b1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundW

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnumWindows
MessageBoxA

shell32

ShellExecuteW

ole32

CoCreateInstance

shlwapi

PathAddBackslashW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SendCommand

Sections

.text
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a46f23961fa5acea150d4a7787830b1e

Headers

File Characteristics

Imports

winmm

kernel32

user32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 364KB

.rdata Size: - Virtual size: 46KB

.data Size: - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 292B

.vmp0 Size: - Virtual size: 27KB

.vmp1 Size: - Virtual size: 228KB

.vmp2 Size: 436KB - Virtual size: 436KB

.reloc Size: 512B - Virtual size: 228B

.text
Size: - Virtual size: 364KB

.rdata
Size: - Virtual size: 46KB

.data
Size: - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 292B

.vmp0
Size: - Virtual size: 27KB

.vmp1
Size: - Virtual size: 228KB

.vmp2
Size: 436KB - Virtual size: 436KB

.reloc
Size: 512B - Virtual size: 228B