c7f3cc2cd7dccae1313b778d68e8d3ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c7f3cc2cd7dccae1313b778d68e8d3ca_JaffaCakes118
Size

200KB
MD5

c7f3cc2cd7dccae1313b778d68e8d3ca
SHA1

2caa1f7f9ad541dcf4c2ee2a9ef3715647fc1352
SHA256

2d70f69021d0b76ff0a901be9645a692b3c9a4eeba77ef8d4b62e2ce4517e321
SHA512

c3ba8c4c92df70930f5041447c70a71dac42da33088020d65c0c00762f8307863bb99b63627142ec26ef2bdf306b4755f4cf41daa46460952f9a0cdd515cd768
SSDEEP

3072:F/I++ZZrMgsB/ouBUuVyMjL71sUdCfBfIzejBDQ5/+9cSDnBeaWGgSLnFMdWB3Qw:Ft+7rJ2+uxpHdowzejxNJDnQarnFMdL

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7f3cc2cd7dccae1313b778d68e8d3ca_JaffaCakes118

Files

c7f3cc2cd7dccae1313b778d68e8d3ca_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8ec8892e0a863e9b3643e67c293216e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetAsyncKeyState
MessageBoxA

shell32

ShellExecuteA

msvcp90

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ

msvcr90

_amsg_exit

gdi32

CreateFontIndirectA

advapi32

RegQueryValueExA

Sections

.text
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ec8892e0a863e9b3643e67c293216e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp90

msvcr90

gdi32

advapi32

Sections

.text Size: - Virtual size: 120KB

.rdata Size: - Virtual size: 65KB

.data Size: - Virtual size: 50KB

.rsrc Size: 1024B - Virtual size: 688B

.vmp0 Size: - Virtual size: 20KB

.vmp1 Size: - Virtual size: 76KB

.vmp2 Size: 197KB - Virtual size: 197KB

.reloc Size: 512B - Virtual size: 136B

.text
Size: - Virtual size: 120KB

.rdata
Size: - Virtual size: 65KB

.data
Size: - Virtual size: 50KB

.rsrc
Size: 1024B - Virtual size: 688B

.vmp0
Size: - Virtual size: 20KB

.vmp1
Size: - Virtual size: 76KB

.vmp2
Size: 197KB - Virtual size: 197KB

.reloc
Size: 512B - Virtual size: 136B