bff821e3564c7bd0e12aaf43d41ff298_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bff821e3564c7bd0e12aaf43d41ff298_JaffaCakes118
Size

328KB
MD5

bff821e3564c7bd0e12aaf43d41ff298
SHA1

fc5df7208b9640f97a4ce1db791e3d7d524226a6
SHA256

14a540e5478df39c122eb443d0ad9b4233b19cbbbf302431e326a1c171b2e558
SHA512

631625ef7f108151f296debbd6717fc3ffe13ca915a81bf98dfa16a2a35873d6e6ca14d81b0981da61392164ac8d1c4c5f0336d7d8b13fa06b003b698163a987
SSDEEP

6144:fisHj9OiV/Z9NLiAPj3EBNuGKoZ+Ca0tcaJwM+LeYuZ1Ix/v1R6uaku:T0iRVLiAPj3g0poZ+Cag3z+69q/tRIk

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bff821e3564c7bd0e12aaf43d41ff298_JaffaCakes118

Files

bff821e3564c7bd0e12aaf43d41ff298_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2994ed06bade85d8235575dd2c3c9c54

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ShowWindow

gdi32

GetObjectA

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

comctl32

ord17

Exports

Exports

InstallHook
UnInstallHook

Sections

.text
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2994ed06bade85d8235575dd2c3c9c54

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 63KB

.rdata Size: - Virtual size: 17KB

.data Size: - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 7KB

.vmp0 Size: - Virtual size: 11KB

.vmp1 Size: - Virtual size: 214KB

.vmp2 Size: 316KB - Virtual size: 315KB

.reloc Size: 4KB - Virtual size: 208B

.text
Size: - Virtual size: 63KB

.rdata
Size: - Virtual size: 17KB

.data
Size: - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 7KB

.vmp0
Size: - Virtual size: 11KB

.vmp1
Size: - Virtual size: 214KB

.vmp2
Size: 316KB - Virtual size: 315KB

.reloc
Size: 4KB - Virtual size: 208B