c7598b63728b40b3e7ae9d9ea53b84ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c7598b63728b40b3e7ae9d9ea53b84ea_JaffaCakes118
Size

67KB
MD5

c7598b63728b40b3e7ae9d9ea53b84ea
SHA1

eab22173eeec00aa00f414d617153b58897b5297
SHA256

c39e99f444f7b8b1ef7faee4cf0f203b979fb900bea21ba395617c781acb843a
SHA512

61d9c117773749c7527a2336963be00873b972e3a0399d9c748d01e98178048767f7fec42380db554e2f54fb29f1d2b1e9d65c6fc13f925f6bcbf07c0212161d
SSDEEP

1536:qw37ffDDortPWbJ0ALHCEB9BjnX7hTqYabt8oFMwj9D7wFE:qu7fePWbjLHCEB9BjX7hT6VFZ5D7w

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7598b63728b40b3e7ae9d9ea53b84ea_JaffaCakes118

Files

c7598b63728b40b3e7ae9d9ea53b84ea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7bc53e0880fa01d1192e6dbbc9413be7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2915
ord1158
ord540
ord860
ord535
ord858
ord800
ord823
ord825

msvcrt

_initterm
sprintf
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
strncpy
_controlfp
__CxxFrameHandler
exit
strstr
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
srand
strcspn
printf
strncmp
rand
malloc

kernel32

GetTickCount
WriteFile
CreateFileA
GetFileSize
CreateThread
lstrcpyA
GlobalMemoryStatus
GetVersionExA
GetModuleHandleA
GetCurrentProcessId
GetProcessHeap
HeapAlloc
InterlockedExchange
GetModuleFileNameA
GetWindowsDirectoryA
Sleep
ReadFile
CreateProcessA
GetStartupInfoA
CloseHandle
FindClose
FindNextFileA
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
DeleteFileA
CopyFileA
MoveFileA
FreeLibrary
GetProcAddress
LoadLibraryA
WinExec
GetCurrentProcess
GetComputerNameA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

ExitWindowsEx
wsprintfA
MessageBoxA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetFileInfoA

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

msvcirt

??6ostream@@QAEAAV0@H@Z
?cout@@3Vostream_withassign@@A
?endl@@YAAAVostream@@AAV1@@Z

avicap32

capGetDriverDescriptionA

ws2_32

setsockopt
send
recv
gethostbyname
inet_addr
WSAStartup
closesocket
connect
socket
htons
shutdown
sendto
WSASocketA
gethostname
inet_ntoa
WSAIoctl

Sections

.text
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bc53e0880fa01d1192e6dbbc9413be7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

msvcp60

msvcirt

avicap32

ws2_32

Sections

.text Size: - Virtual size: 31KB

.rdata Size: - Virtual size: 13KB

.data Size: - Virtual size: 7KB

.vmp0 Size: - Virtual size: 14KB

.vmp1 Size: 65KB - Virtual size: 65KB

.reloc Size: 512B - Virtual size: 144B

.text
Size: - Virtual size: 31KB

.rdata
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 7KB

.vmp0
Size: - Virtual size: 14KB

.vmp1
Size: 65KB - Virtual size: 65KB

.reloc
Size: 512B - Virtual size: 144B