bfb6849d3dd107b5469e54ec421615c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bfb6849d3dd107b5469e54ec421615c8_JaffaCakes118
Size

436KB
MD5

bfb6849d3dd107b5469e54ec421615c8
SHA1

829b4879c2819e1438ea35d1dbf780fac020ec11
SHA256

f20a811c00d216dd102b86e284da8ac98c24c06d74f225dd562b3f3423f1b3cd
SHA512

1f355e84bfd9f08037061773a95a8f14681b72a63c7b2efc720035abdef3bc69cab73fd9cc09087c539400655a50f553250ed9be1a9c7c5d29a493f61b34706a
SSDEEP

12288:LX8lPhrGY9z1Dov59eeSAdl4Qo4fClYaHmd:z4lGY9RMvvRd3vZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfb6849d3dd107b5469e54ec421615c8_JaffaCakes118

Files

bfb6849d3dd107b5469e54ec421615c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f8c8fd6db018945322423d36d15ddc1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

sprintf
_stricmp
_strnicmp
strncmp
free
strncpy
atoi
_ftol
toupper
modf
malloc
strrchr
strtod
tolower

user32

GetWindowThreadProcessId
IsWindowVisible
EnumWindows
GetClassNameA
GetWindowTextA
FindWindowExA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MsgWaitForMultipleObjects
MessageBoxA
GetForegroundWindow
SetWindowTextA
GetWindowRect
MoveWindow
MessageBoxA

kernel32

ResetEvent
LCMapStringA
GetCommandLineA
SetFileAttributesA
DeleteFileA
ReadConsoleA
GetStdHandle
WriteConsoleA
GetStartupInfoA
CreateProcessA
CreateFileA
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
WaitForSingleObject
CreateEventA
PostQueuedCompletionStatus
SetEvent
GetQueuedCompletionStatus
CreateThread
CreateIoCompletionPort
SetWaitableTimer
CreateWaitableTimerA
lstrcpyn
Process32Next
Process32First
GetProcAddress
LoadLibraryA
GetModuleHandleA
CreateToolhelp32Snapshot
Module32First
CloseHandle
VirtualProtect
GetModuleFileNameA
ExitProcess

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

wininet

InternetSetOptionA
InternetOpenA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA

ntdll

RtlAdjustPrivilege

Sections

.text
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 420KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8c8fd6db018945322423d36d15ddc1e

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

shell32

wininet

ntdll

Sections

.text Size: - Virtual size: 31KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 471KB

.rsrc Size: 8KB - Virtual size: 4KB

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 420KB - Virtual size: 417KB

.reloc Size: 4KB - Virtual size: 116B

.text
Size: - Virtual size: 31KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 471KB

.rsrc
Size: 8KB - Virtual size: 4KB

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 420KB - Virtual size: 417KB

.reloc
Size: 4KB - Virtual size: 116B