d0d48ce3230df4246cb9366256e65986_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d0d48ce3230df4246cb9366256e65986_JaffaCakes118
Size

428KB
MD5

d0d48ce3230df4246cb9366256e65986
SHA1

3d4d4f7880fa523d7def3226e240fc928d607eeb
SHA256

90322780619487c9898c9a16e50ba5de7714635e7e222214a9f06feffa79eb89
SHA512

ccba022491e06734ba84a27f5d2c4d2d238dae9ccc04ab8e2578a1606be55988b4de0eca6efb9f0226ec5a312277e1ead6a24e015626c864ae21bd9a10124c86
SSDEEP

6144:xPrUcgU5LmW9dsYEBsromatY3yOFkjLJk11reDfsEbYqTFaVBLZyUbhhZ/nacD+0:xP4udEYK4zsJQkP+H6kEFM1yernYbB50

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/paul.dll	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/paul.dll

Files

d0d48ce3230df4246cb9366256e65986_JaffaCakes118
.rar
paul.dll
.dll windows:5 windows x86 arch:x86

484855496f2cb255de3f4baba6592e79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetThreadPriority
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CreateWindowExW

gdi32

OffsetViewportOrgEx

winspool.drv

DocumentPropertiesW

advapi32

RegEnumKeyW

shell32

ShellExecuteW

shlwapi

PathFindExtensionW

oleaut32

VariantInit

Exports

Exports

drm_pagui_doit

Sections

.text
Size: - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 430KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skidrow.nfo

Sharing

General

Malware Config

Signatures

Files

484855496f2cb255de3f4baba6592e79

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 183KB

.rdata Size: - Virtual size: 47KB

.data Size: - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 510KB

.vmp0 Size: - Virtual size: 35KB

.vmp1 Size: - Virtual size: 254KB

.vmp2 Size: 430KB - Virtual size: 430KB

.reloc Size: 512B - Virtual size: 236B

.text
Size: - Virtual size: 183KB

.rdata
Size: - Virtual size: 47KB

.data
Size: - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 510KB

.vmp0
Size: - Virtual size: 35KB

.vmp1
Size: - Virtual size: 254KB

.vmp2
Size: 430KB - Virtual size: 430KB

.reloc
Size: 512B - Virtual size: 236B