c0da134291a95d168da85c7f6fa8edb4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0da134291a95d168da85c7f6fa8edb4_JaffaCakes118
Size

883KB
MD5

c0da134291a95d168da85c7f6fa8edb4
SHA1

9e58b1e2d9a86e267a232ad5a3c4cd59e8a5bf6c
SHA256

13c461f7fdd4c9d0e76c0b0aa801ce8d2e1b1d2b8d491ebe659a49fed2076634
SHA512

edc6a9e862d915f7ed8c3d812817b82015f884a0362aa8f611c1f6bd5e2809795851d6721ad136926cf91cdb48004d7c9e93d95c5666ad9e9cabdf0f1dd45430
SSDEEP

12288:gfAsaMvJ13vO1xV8U9ZqEIiaSTbfhpWGHjEAHvwCPwQjCO9PTwnRJyVj5ZZZZZZD:gfAmL29/fWUwCICn53HuHP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0da134291a95d168da85c7f6fa8edb4_JaffaCakes118

Files

c0da134291a95d168da85c7f6fa8edb4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4cbc8df14c2b6ec9b72383592085703b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MapFileAndCheckSumW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

kernel32

WritePrivateProfileStringW
SetErrorMode
GetStartupInfoW
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
LocalFileTimeToFileTime
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
GetFileAttributesExW
CreateFileW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
MoveFileW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
GetFileSizeEx
InitializeCriticalSection
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
CompareStringA
InterlockedExchange
CreateEventW
SuspendThread
SetEvent
ResumeThread
GetProfileIntW
GetTickCount
InterlockedIncrement
SystemTimeToFileTime
InterlockedDecrement
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
SetFileTime
CopyFileW
GetCurrentProcessId
lstrcmpA
lstrlenA
Sleep
GlobalSize
WideCharToMultiByte
GetModuleHandleW
SetLastError
GlobalReAlloc
GlobalFree
GetNumberFormatW
GetLocaleInfoW
GetVersion
MulDiv
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
WaitForSingleObject
GetLongPathNameW
OpenProcess
lstrcmpW
MultiByteToWideChar
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GlobalAlloc
LocalUnlock
LocalLock
LocalAlloc
GlobalUnlock
GlobalLock
lstrcpynW
lstrcmpiW
SizeofResource
GetPrivateProfileStringW
FreeLibrary
GetProcAddress
LocalFree
FormatMessageW
GetLastError
LoadLibraryW
FreeResource
LockResource
LoadResource
FindResourceW
GetVersionExW
CloseHandle
DeviceIoControl
CreateFileA
GetFileAttributesW
lstrlenW
GetPrivateProfileIntW
GetSystemDefaultLangID
lstrcatW
lstrcpyW
GetModuleFileNameW
DeleteCriticalSection
GetFileType

user32

CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
SetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
SetWindowPos
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
GetMenuItemCount
GetLastActivePopup
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
EnableMenuItem
CheckMenuItem
SetScrollRange
TranslateMessage
PeekMessageW
IsChild
GetActiveWindow
SubtractRect
GetWindow
GetUpdateRect
EndPaint
BeginPaint
SetFocus
MessageBoxW
SetWindowLongW
CreatePopupMenu
ShowWindow
EqualRect
GetDesktopWindow
GetCapture
DispatchMessageW
GetMessageW
UpdateWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetActiveWindow
SetParent
GetClassNameW
GetMenuItemID
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
RegisterWindowMessageW
MapWindowPoints
GetMessagePos
SystemParametersInfoW
GetKeyState
SetScrollPos
GetScrollPos
ShowScrollBar
EnableScrollBar
ValidateRgn
IsRectEmpty
IntersectRect
SetRectEmpty
ReleaseDC
PrintWindow
GetDC
PostQuitMessage
SetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
PostMessageW
SendInput
GetForegroundWindow
CharLowerW
KillTimer
SetTimer
MessageBeep
ReleaseCapture
SetCapture
ValidateRect
GetFocus
InflateRect
ScreenToClient
GetAsyncKeyState
LoadImageW
UnregisterClassW
CharUpperW
SetRect
WindowFromPoint
DestroyMenu
RedrawWindow
RegisterClipboardFormatW
ClientToScreen
GrayStringW
TabbedTextOutW
SendDlgItemMessageA
ScrollDC
WinHelpW
GetSysColorBrush
FillRect
FrameRect
DrawFocusRect
DrawEdge
DrawTextExW
OffsetRect
DrawTextW
LoadBitmapW
GetSystemMetrics
DrawFrameControl
SetCursor
LoadCursorW
PtInRect
GetClientRect
GetParent
InvalidateRect
IsWindow
MapDialogRect
CopyRect
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
wsprintfW
GetWindowTextW
IsWindowVisible
ModifyMenuW
GetSubMenu
LoadMenuW
GetWindowRect
GetSysColor
LoadIconW
EnableWindow
SendMessageW
PostThreadMessageW
SetWindowsHookExW

gdi32

GetBkColor
SelectClipRgn
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleWindowExtEx
DPtoLP
ScaleViewportExtEx
SetBkMode
SetBkColor
GetClipBox
CopyMetaFileW
Polygon
CreatePen
SetTextColor
DeleteObject
GetObjectW
SetViewportExtEx
SetWindowExtEx
CreateFontIndirectW
SetPixel
CreateRectRgnIndirect
FillRgn
CreatePolygonRgn
RestoreDC
CreateFontW
SaveDC
GetDIBits
StretchBlt
GetTextExtentPointW
CreateDIBitmap
Ellipse
GetStockObject
Arc
CreatePatternBrush
Rectangle
StretchDIBits
ExtTextOutW
GetTextExtentPoint32W
LineTo
MoveToEx
DeleteDC
CreateSolidBrush
CreateDIBSection
CreateBitmap
BitBlt
SelectObject
RealizePalette
SelectPalette
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

GetFileSecurityW
RegCreateKeyW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueW
SetFileSecurityW
SetNamedSecurityInfoW
RegDeleteValueW
RegOpenKeyW
RegCloseKey
RegSetValueExW

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteExW

comctl32

_TrackMouseEvent

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathCompactPathW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
OleRun
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CoInitializeEx
CoCreateInstance
CoUninitialize
CoDisconnectObject
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CreateBindCtx
CLSIDFromProgID
CreateStreamOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleDuplicateData

oleaut32

LoadTypeLi
VarCyFromStr
VariantCopy
SysAllocString
VariantInit
SysStringLen
VariantChangeType
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromDate
VarUdateFromDate
GetActiveObject
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cbc8df14c2b6ec9b72383592085703b

Headers

DLL Characteristics

File Characteristics

Imports

imagehlp

version

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 545KB - Virtual size: 545KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 22KB - Virtual size: 43KB

.rsrc Size: 91KB - Virtual size: 90KB

.vmp0 Size: 63KB - Virtual size: 63KB

.vmp1 Size: 13KB - Virtual size: 13KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 545KB - Virtual size: 545KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 22KB - Virtual size: 43KB

.rsrc
Size: 91KB - Virtual size: 90KB

.vmp0
Size: 63KB - Virtual size: 63KB

.vmp1
Size: 13KB - Virtual size: 13KB

.reloc
Size: 36KB - Virtual size: 35KB