d0ae69c71826281a47fc616df1966741_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d0ae69c71826281a47fc616df1966741_JaffaCakes118
Size

1.4MB
MD5

d0ae69c71826281a47fc616df1966741
SHA1

6b0af16974584af9c8ceb59aa9a75aeca114b7f1
SHA256

4c479c189b5c99f1a0e9395f61a5b63f25d48a7bf334abcdaf957b58d6b27235
SHA512

55edad8c56c2e35ae749b4e4eed145a2370936c2968183bcbe36c552f9041319f7f1cdf287907c8c64cffb7e78d22ec289a2ba1546b3f532bf192f55210bc914
SSDEEP

24576:qJdIyUHhwX1G6DFDjXfLIZIACv3zr1IPqUduKuaHRKTtAKc33El7gKaSC/ApGYtS:qJdIyyhwX1GIFnsZ44qUoKm55CYpnKTV

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0ae69c71826281a47fc616df1966741_JaffaCakes118

Files

d0ae69c71826281a47fc616df1966741_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1434cbb95684f5dc278cc367f2286fea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

SystemParametersInfoA

gdi32

Escape

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyA

shell32

DragQueryFileA

comctl32

ImageList_Draw

shlwapi

PathFindFileNameA

oledlg

ord8

ole32

CoTaskMemFree

oleaut32

SafeArrayCreate

wininet

InternetCloseHandle

ws2_32

__WSAFDIsSet

Sections

.text
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1008KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1434cbb95684f5dc278cc367f2286fea

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

ws2_32

Sections

.text Size: 224KB - Virtual size: 220KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 24KB - Virtual size: 20KB

.vmp0 Size: 1008KB - Virtual size: 1004KB

.vmp1 Size: 92KB - Virtual size: 91KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 224KB - Virtual size: 220KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 24KB - Virtual size: 20KB

.vmp0
Size: 1008KB - Virtual size: 1004KB

.vmp1
Size: 92KB - Virtual size: 91KB

.reloc
Size: 8KB - Virtual size: 6KB