d35c9b442d8fdfa7a7284a3f200ee9ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d35c9b442d8fdfa7a7284a3f200ee9ff_JaffaCakes118
Size

295KB
MD5

d35c9b442d8fdfa7a7284a3f200ee9ff
SHA1

df05c9414fa5c25dbe5e5be1d850ef25a6575e08
SHA256

1f1c2e9d6a7c0aa562f82a21017843140c8847e7cccabd5fe2f3d593dfae5953
SHA512

95e4572840b2c7215ba50ac0eaf61f588cf801c9c07ba25f5d2e89dff51f31e6e84dbad53b7ce114564abde5b5126ca90697de70e1bdacd8588406f379993f0a
SSDEEP

3072:BBdr/ZrLCt2Rhc5g2tVbXBmAwaK/ba1XdFFWHRaSSv9zKTPtEKvIZnbqowMVEiXM:BXZs2IfBw9mfSq4PtEKgpfCkY/2IC

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d35c9b442d8fdfa7a7284a3f200ee9ff_JaffaCakes118

Files

d35c9b442d8fdfa7a7284a3f200ee9ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4b03cc7a805714853c6a01374a8e45d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
TlsSetValue
lstrcpyW
Sleep
VirtualProtect

user32

GetKeyboardType
CreateWindowExA

advapi32

RegQueryValueExA
ReportEventA
StartServiceA
SetSecurityInfo

oleaut32

SysFreeString
SafeArrayPtrOfIndex

mpr

WNetOpenEnumA

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

wininet

InternetReadFile

wsock32

WSACleanup

winmm

waveOutWrite

avicap32

capCreateCaptureWindowA

msacm32

acmFormatChooseA

ws2_32

WSAIoctl

Sections

.wen0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wen1
Size: 275KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wen2
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b03cc7a805714853c6a01374a8e45d3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

version

gdi32

comctl32

shell32

wininet

wsock32

winmm

avicap32

msacm32

ws2_32

Sections

.wen0 Size: - Virtual size: 1.0MB

.wen1 Size: 275KB - Virtual size: 276KB

.wen2 Size: - Virtual size: 6KB

.vmp0 Size: - Virtual size: 10KB

.vmp1 Size: 17KB - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 544B

.wen0
Size: - Virtual size: 1.0MB

.wen1
Size: 275KB - Virtual size: 276KB

.wen2
Size: - Virtual size: 6KB

.vmp0
Size: - Virtual size: 10KB

.vmp1
Size: 17KB - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 544B