bdd5c6d40f2a1eac7d2eeabc576b6165_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bdd5c6d40f2a1eac7d2eeabc576b6165_JaffaCakes118
Size

47KB
MD5

bdd5c6d40f2a1eac7d2eeabc576b6165
SHA1

7a3fc7895f23901887daa14910ef9c8544cd86f7
SHA256

a30d404108dc5d22b658d3405432be26afae5a354311e7bdcb7bbc84a8009572
SHA512

90e094a92bdcaf6c3e7d3a43ac6fd9a8c0d78a34788180973f85caf5e4e49d419d5acb5dd7587af2ee936190a975bd8f6b7cf3b632af92d752f477fc2e3896db
SSDEEP

768:AlCEcACR2DMByYgv9v7utgUALI7beFetxXVBprBBQARQkZGeMXc/2tv0rMKjD5bv:AlChVR2oN5/XVBprBBQARyA2tWjtpvZ0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdd5c6d40f2a1eac7d2eeabc576b6165_JaffaCakes118

Files

bdd5c6d40f2a1eac7d2eeabc576b6165_JaffaCakes118
.dll windows:4 windows x86 arch:x86

812f95da20b6b3fee0041b4928c24650

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

memcmp
memcpy
strlen
strstr
_snprintf
RtlZeroMemory
RtlUnwind

ws2_32

closesocket
gethostname

kernel32

lstrcmpA
GetTempFileNameA
GetStartupInfoA
GetLastError
GetFileSize
GetExitCodeThread
WriteFile
WideCharToMultiByte
VirtualProtectEx
VirtualFree
VirtualAlloc
UnmapViewOfFile
CloseHandle
CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TerminateThread
WaitForSingleObject
WritePrivateProfileStringA
lstrcatA
lstrcmpiA
lstrcpynA
lstrlenA
IsBadReadPtr
DeleteFileA
lstrcpyA
CreateFileMappingA
CreateFileA
MapViewOfFile
MoveFileExA
ReadFile
GetTempPathA

user32

SetTimer
MapVirtualKeyA
GetKeyboardState
KillTimer
wsprintfA
UnhookWindowsHookEx
CallNextHookEx
FindWindowA
GetWindowThreadProcessId
RegisterWindowMessageA
SendMessageA
ToAscii

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

812f95da20b6b3fee0041b4928c24650

Headers

File Characteristics

Imports

ntdll

ws2_32

kernel32

user32

Sections

.text Size: 23KB - Virtual size: 22KB

.bss Size: - Virtual size: 12B

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 2KB

.vmp0 Size: 1024B - Virtual size: 734B

.vmp1 Size: 15KB - Virtual size: 15KB

.reloc Size: 1024B - Virtual size: 744B

.text
Size: 23KB - Virtual size: 22KB

.bss
Size: - Virtual size: 12B

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 2KB

.vmp0
Size: 1024B - Virtual size: 734B

.vmp1
Size: 15KB - Virtual size: 15KB

.reloc
Size: 1024B - Virtual size: 744B