ced8eb5192887bee708bf648b407a98f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ced8eb5192887bee708bf648b407a98f_JaffaCakes118
Size

1012KB
MD5

ced8eb5192887bee708bf648b407a98f
SHA1

519d4a2e3e8f63178e578d1e0af58db31670b72b
SHA256

29d26c0a8a7f9d8e046e4185c6b127fbd6c4cfede701192a7c1372a8ba32b93e
SHA512

4bc47bcaf8f1120c94fa014cbd614800764975e650e97dfba47f6c4da9fee5c08ded95b5a8f201a259c25db1b2b0376ae9bd3e2ca5b8f9f545dbf4e470d9cfc3
SSDEEP

24576:imWuBlcSFqBJnTOqqJIckBhV5yEldKMnptG:vRGzGJIVp8MnbG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ced8eb5192887bee708bf648b407a98f_JaffaCakes118

Files

ced8eb5192887bee708bf648b407a98f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

91a6403174e94ea5fdbae73b11b7040d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
LockResource
LoadResource
SizeofResource
FindResourceA
GetTickCount
GetFileAttributesA
GetDiskFreeSpaceExA
GetVolumeInformationA
lstrlenA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
DeleteFileA
ReadFile
RemoveDirectoryA
MoveFileA
GetLastError
CreateDirectoryA
lstrcpyA
DeviceIoControl
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
ExitProcess
SetFileTime
GetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
InitializeCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
EnterCriticalSection
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CancelIo
DeleteCriticalSection
lstrcatA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
WinExec
GetWindowsDirectoryA
LocalSize
FreeLibrary
GetVersion
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
SetLastError
MulDiv
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetTempFileNameA
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetDriveTypeA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadWritePtr
HeapCreate
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
TerminateProcess
ExitThread
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
GetProfileStringA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

msvfw32

DrawDibClose
DrawDibOpen
ICDecompress
ICSeqCompressFrameStart
DrawDibDraw
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

user32

MessageBoxA

Exports

Exports

vN��yQ�v��.�@sm�=��Y)ljՂ�+��̑.�!�S�!��Ohh�I �HHc��k+� ��c��߃��?�."M�(��zw��QJ.p��o$��O+�imzb��(��">��8K��/l,�'�N�,�cUpG�_�<�[��KI�@OA��*�.�⢟ip~��'�M��F��6��r��!3��/��!�򠜇�gz��Dp��5@ӏa�怙*׍�d�1Zsy�n�4owLh8'G�ʆgDg��hM�u�yZR��}[}㶍��İl�@ꑊn�:wU��5��.��U9Ӵ��JuWIՒ��e��!��-'>Ay!E��_��]eV"h��ۨ֍��qN�>>\)f�̾�Y_��=��>��#qŖ�OY�]p�t5YY;d�_䲱�0Oj�Zl�L/ ��d�#s�?�#�� X�դ��eՉ�k"e��>�R��t�^x��d��K��s�)��/<p�.s�f�O;�*�TZ|�B��/p�T`�7�� $c'�"�N�?�F};�Puέ��iL��!΍��C{�b%��~��)�w�L�:ӛ`�q��V�ޔ�Y�c^i(�*ZZ�J��n��r�Zz51}�6��;z��7��Ht�E��W�m��iP!�kb(��" xی��C��烷��M��,] m��c��6�A, �N�TE�ԡ�/��(7ĭ�[%O.�v(�Q�IJhj�m,}2vH ;��EZ"�\��vô%� %6�Y1��7΀ *.�v��p�4��F$�U)�ϭ؜2�i8�y��+taeCb��v3��F�1y�7��l(5f��]��+Kp�E8_m��J2��^徭k��J��/�!H��9\ٽбz$��Jw��3= ��ڼ��T�Wm�_��44.�Y�:?��џc�1c�Ԛ��[��J�q��>-^�k��!I��U��x{��r¿��k[D�[��O��LZ��¯)��1��<˞��^��5cѤ��]H�Κ�(�*E9ʞ0k��K�:p ��s��"�ډ��՝�F��JeR�^��E1l�d��~�PO��s�8A��~�3X�(�1��+X�O�c��ϸ?ԑ��Q��'\�8�ό�ά��i�o;c*�|�G�A��ϭ�EAD�[B�tHT��&M=�\!�|�� 6{�m�BQ��$��?��C��[H��V�0�B�|��y�d��8�) U4o5�׵m�&Wi8(�7hE$M�� D��{��Վ�ip,#��Z.y��ګ�d��E��@��-軨��_�<�6j�� u_j �K67��b��B)�!v|\��s��>�VgQ�$�%�L�t,�{ہ�2��Bf��E��Wd��ꑄ��0MA�8h�lN� ��z 4U��$/FoZ�@�U$�H�V��i�ZIqQ~�L�o'��s9$�;��V�qѠ?#��lZ,�o䶓�CE��f�^��&6�J�=��V�X��?ɚ��"��\}�=��Qō��+��6�d)� ��=��8��I�y٦��0��m>�x؆M�`�V�|q��H��W�&-�q��z��l�)W�,��$i�D6��v��)��N�6��J��ͮ&*�)'0�ӕ57�(��{4��(�S��R0�,N͞P�� b9�|��,>��W@v�mO��JĽ]�u��ݭ�m�u�m�o�j��l��o��n,@��$�^n�F2�膁�г�(@ixA&So�N��?U�a�)��Q��͘ѫ*�.��Ƒg��/�z3=�&K�8�cMVZ��(�2N��l_��^w��HvG�;��[J�ϊh��D�G��rr<��k��3�Q��~]�7��eB4�QR�JX��?��؁�"��c`��6��%K��s�T@HV�bi��h�Tw��Ύ�=W��xcϑ'U+M��a應�� -T�E��ft,2�h�M��3�5��)��)V�v-��p�b^ڜɌu�,�ቦ��%��v�I=��h��"=��O��Y3&��.(�cVk|B� lУ+7�Ȝ6�m6�-� ��@'�?{�n��'�P$�� [��Av��90�M[�t�Y��;��:wU��<1�_��K;��R�Q}�I�U,��'��R4�5>R{zv�I�ɗ��2��`�'�2I�5)_�U��DF=��1��ذډz��ʛ��偻p�P��Є�Q��w9$z�\�4$L� �"��=㌚r� b}�T�� o<m�｠K��`��A0͜P�Ƅ�D!XIE�>~щ��?��Q�S�܂ X¨d��<F�p�$d�{ܥ|�5�i?֩��E�A�Ewy �|� Ԑ��G�1޾,;/si�&~jikijf�/��;ͿU�-��b(D��e�y�F��)�d�,��]EϏ,�=p��U��S�mw�[!��Y�.=�z��vʕ#' �ϱ��B�tl �%e��T��;,n�q)�� h��v�9��oX�*��z�3��.�J�@�$�;3C0�k$oV�p��q�B��Y�y��M��&��A��.�Y �s�H��\�]��'!�=m�)�?��n,��Z�T�ȤH-��XQB:��<a�o�JD�`��v�O_��Fo\n�i銞GH�$�ѽmJ�&$��S�[��)�҉*��,W��U��w�r�R�:�g k�%��4��V��w)�4ɓLFΖ�n��_!� 7�'��X�C�.�+��HP8s��MD2t�m2��žUiP�Q�#��Xb�l`@jG��u��l��A��{�!��t!��>�� S�絣�Ą�$�m

Sections

.text
Size: - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 997KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 932KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91a6403174e94ea5fdbae73b11b7040d

Headers

File Characteristics

Imports

kernel32

msvfw32

wininet

user32

Exports

Exports

Sections

.text Size: - Virtual size: 396KB

.rdata Size: - Virtual size: 88KB

.data Size: - Virtual size: 48KB

.rsrc Size: 68KB - Virtual size: 997KB

.vmp0 Size: - Virtual size: 12KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 932KB - Virtual size: 928KB

.reloc Size: 4KB - Virtual size: 164B

.text
Size: - Virtual size: 396KB

.rdata
Size: - Virtual size: 88KB

.data
Size: - Virtual size: 48KB

.rsrc
Size: 68KB - Virtual size: 997KB

.vmp0
Size: - Virtual size: 12KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 932KB - Virtual size: 928KB

.reloc
Size: 4KB - Virtual size: 164B