d416c575f68ef5c99dc605ef874b5c9d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d416c575f68ef5c99dc605ef874b5c9d_JaffaCakes118
Size

272KB
MD5

d416c575f68ef5c99dc605ef874b5c9d
SHA1

ec8bf8c8c2a4766827ef838adb5f7cc7fe704327
SHA256

0744fc6d2d2fd95361daaf5317a9d919e7a5366f7fbd21aa8b0659bbb0325aff
SHA512

b85728518c155e594ed3f35103869a7482bddcd652ed7c871776b55a2a23f573a3fa64393d606a3339c19bf2d40a96bc0934d5412c5ff3f6acdb860c23f3a90e
SSDEEP

6144:LvezoYgy8z9sFzo0IAUTeAotzGD7jp6hF6RW9c+Z1t:nr6UloNY6AqX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d416c575f68ef5c99dc605ef874b5c9d_JaffaCakes118

Files

d416c575f68ef5c99dc605ef874b5c9d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

04ce8d683e9a915bf3865cae1601e3f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
RaiseException
VirtualAlloc
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
GetACP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
GlobalFlags
GlobalAddAtomA
CreateFileA
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentThreadId
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
CompareStringA
GetModuleHandleA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
SetLastError
CreateThread
InterlockedDecrement
TerminateProcess
WideCharToMultiByte
GetTickCount
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileStringA
ReadProcessMemory
ExitProcess
Sleep
FreeLibrary
VirtualAllocEx
TerminateThread
ResumeThread
Thread32First
lstrcmpA
Thread32Next
OpenThread
SuspendThread
OpenProcess
VirtualProtectEx
WriteProcessMemory
LoadLibraryA
GetProcessHeap
GetProcAddress
lstrcpyA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
GetLastError
CloseHandle
FindResourceA
LoadResource
LockResource
GetStdHandle
SizeofResource
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetMenu
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowPos
SetWindowLongA
IsWindow
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
SendMessageA
GetParent
GetLastActivePopup
IsWindowEnabled
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDlgItemTextA
ShowWindow
DialogBoxParamA
DestroyWindow
IsDlgButtonChecked
CheckDlgButton
SetTimer
SetDlgItemTextA
FindWindowA
GetWindowThreadProcessId
GetWindowLongA
GetClassNameA
SetForegroundWindow
MessageBoxA
EnableWindow
GetDlgItem
SendDlgItemMessageA
DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
PostQuitMessage
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
SetWindowTextA
MapWindowPoints
RegisterClassA
MessageBoxA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

comctl32

ord17

psapi

GetMappedFileNameA
GetModuleFileNameExA

ole32

CoInitialize
CoCreateInstance
OleRun

oleaut32

VariantChangeType
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocString
GetErrorInfo

Exports

Exports

:�7z��a��3b]<� e!��*-��F�%x��?��t׬��o5�s �a�K�e��S`��*m�o�� ;��Z�V�f�b ȰʺϳO�56��e�ç_m�lR��G��Se��X`��Mb��J~-Җ=H��%pP��&�Dy|f`��kc��1�j{ݍ��f�*D��n[֊ٚ�cVj\c4��#9[��~�Hi4|�3[��Nj%��I%4��)��fנ)��!�� [L�Y�W=�C\�v�g@B��W�NZ�T��ZT�G�.�\��ݥ�B�*��_��)��ʦs6��Ң��g�О ��D�kʆ��r=A��b Nz��nd��Q��6�EB֦;�*S��ZO�g��OT��z��3��B�?�(��}��[�ӑ6iOY��~N&&�i�� 7);��>��VVͺ5�R��!I��u�Ee E��lD�Ť��HJ�1��}�_qT5;��R�j�K�{QG��d甃��'9�� U��A�}�ݕS��Pe�g��_��8�yR.BO��V�J�u�oz]!�BūE��/ʋN$��q�$��pp�/$��i�3j4��yx'H�)v�ޣ��Q�@��L��6A��3��D�C�d#��M�du�JU�5��d - W��,��j!�<1v�Ou�V��Y�ۘ��|��亗+P�R�ę9��e�W$Ym�ڕy�@�X�$?�� J�|�t�8��X�9?1�ރBU��)ژ� d3Hk��D�%�k8-�r��!ĲjǛ�(��_�_��"��Pdg_8��ez�q��Y�^}��^�Yc`��r�ԈBN,�N��#��a�.7�ސ��۲q͔�+S>�+c�0�hc�f�4 �� R��`�{����S\��LX��+w��pI�F�r]��mf9W�� .@h�Z@�t�_��y~S�Z��A�S��D��t%�ײ��p�4�:�ը�jg��A��.!��㤯$\=��,��uaT��.E1k��e�Z|Z�̅��Sܟ\ ��M��J.$�;Ew1�9jh��טbAK��*�{(!��ɡ,�Fr��\��̀o�D�~$��D>�/ ��d�JF � ]=��ǒ��5�Q~�k��!P�~��c"�F�}g�uF&�m&҄5��B�/,�j/8�XۄP��o�}AI2�\7>��Ɋ�Pf W�[�� @��;��`k��EٛA��'.�oO��&M��V�Y��>��$��ފ��;�+��N��r�ٶAs�ɻ[ƫ�f<��%r��!D�)(�`�K0:QL�R��gHK��[6��!��p��)Zۦ��5i�b��`�"I�(��y ��,��UՍ�8Jծl-bm�K��a[�)�'pH��2yv��6I��@�Y<��Z>9��*� ��^�� gsaGb�\��u�E�cVX�cU�i�2D�ʿ��&��`�M ��m�8D�m�>Γ7��.j�:��A�oewʰ��J��[�9�ߣ:��'�-Wx��\~�@�� a\�S�V��7Nu�&-��K��{34;[��WT[��F@��,�W�d_q[?�X��M�8�uL�I��"ᵽ)� ��m�7��L?�Ip��[�2�3� �C�n�E�Y=�T�5`��/~��~Ҵ$-鉛��d X ��E��uEb��*�j\%�kfȾ��'zf��:��)�d�X�K�r�"�*L��!v��ZRP�?��rm�x��)��OI|��'Lf�D�>�uRnQQR|:��9�AT��"��{}�WBt'��RGZ��#䫐�I�엝�#}锶DDn{��t��D��O�h��HCz��>a�ˊ��L�Z^��栤k��H>8��ZFW��"��m ƣ��OÍ��k��[J�X"��}��i)��k�湐kt�/�i��ۣo/��U�Kn ��K��Ġ/��;��'��˝Kɤ �i�E��1��G�:��9<}��شњ��f�0B<��wy1!��~�nu��C��;��2�֓�w� &Ǆ9N}��bUֽ>��]0�te�<}�� 6fg��D-� ��Y��|3��i�]��?��r�5��d�`G�d=�"z��,�7ۻe��϶��f.�� Eا�(�@d~��G�d��b}��Ԛ\nټɆW�g�##�!?�;�;��%F�}m�e7��coS�~W�ޜ�\�L?;��2%$fAm�� \ ho�ڱ*/�R�L�@��2��Ȯ�� @eH�]�tu��=��H��1��P�J,��f��Q*�L'�z�}B��:D�[�X�\λ�!u��DJ�k�]�A��䢓�H��F/u�+�#�F�$X�*��tI>Ho�4Z��b��̙T�Y��$� K6��" ��B��;o�χ=r��Y^*�|�;a��ؓUx]p�yh"��ca�k-]4�?D�/ͤ��d>��^OC �Zg]��ş ��1E�[�D#r�V��0�9ㆀ]z�t��z�ܸ��d骳�* ǋ�ʔ�"�� 0�u��j�3��:�?��:��7ƄI��/�z��> ��F��V��Lz��ڐD8p��v��=�C�P�.GX��9�I_U��^��t�Iv�Ah�*�o��Rj�dfм��Ls�Y䤀�i��G��]`��Re�|/ h+LT�r��ŇGC��D\�t ��90� Kti#��89�|�9`_�+<�hb�9�� G4�;C�T/�fEM��y��! 6��w��W9�.�G"��]�g�u�G�-y��'QK�D��O��~

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04ce8d683e9a915bf3865cae1601e3f4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

psapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.vmp0 Size: 29KB - Virtual size: 28KB

.vmp1 Size: 8KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 49KB - Virtual size: 49KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 29KB - Virtual size: 28KB

.vmp1
Size: 8KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 49KB - Virtual size: 49KB

.reloc
Size: 9KB - Virtual size: 9KB