d4c0cb9ff11d5ea41dd47bfe749ccf85_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d4c0cb9ff11d5ea41dd47bfe749ccf85_JaffaCakes118
Size

604KB
MD5

d4c0cb9ff11d5ea41dd47bfe749ccf85
SHA1

50318363756b76a4b39b426b9469407e24e1edef
SHA256

c149381e6113badfee34dcdc365a9245f96084c9b6174e2117e7a7747cf66d08
SHA512

b1a3897ad757cdf5a76b7ee6e6f876d2c51bb4ebf4279e234500602987176755237f9ede081e633a7bd68f34feab2efa102545571627fdd86542d9e418808673
SSDEEP

12288:Sf/qT4C7JK6UW74W763OM8X/gmQzFVaSNxX:CqTtJ6WqNeKFVHrX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4c0cb9ff11d5ea41dd47bfe749ccf85_JaffaCakes118

Files

d4c0cb9ff11d5ea41dd47bfe749ccf85_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0033f493f3cf4584de9c845a4e5b24ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
GetFileSize
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
TerminateProcess
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
DuplicateHandle
GetProcessVersion
GetCurrentDirectoryW
GlobalFlags
lstrcmpiW
MulDiv
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FindNextFileW
FindFirstFileW
SetLastError
FindClose
DeleteCriticalSection
LocalAlloc
lstrcpynW
FormatMessageW
LocalFree
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
lstrlenA
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
lstrcpyW
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
InterlockedDecrement
WaitForSingleObject
GlobalLock
lstrcmpW
GlobalAlloc
InterlockedExchange
GlobalDeleteAtom
lstrlenW
GetCurrentThread
GetCurrentThreadId
CreateFileMappingW
GetLastError
MapViewOfFile
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringW
EnterCriticalSection
IsBadReadPtr
LeaveCriticalSection
VirtualQuery
VirtualProtect
InitializeCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetTickCount
ExitProcess
GetModuleHandleW
CreateThread
CloseHandle
GetStartupInfoA
Sleep

user32

LoadIconW
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
wvsprintfW
UnregisterClassW
PtInRect
ClientToScreen
TabbedTextOutW
DrawTextW
GrayStringW
LoadCursorW
GetSysColorBrush
LoadStringW
DestroyMenu
CharUpperW
GetSysColor
SetFocus
AdjustWindowRectEx
GetTopWindow
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthW
UpdateWindow
GetDlgCtrlID
DefWindowProcW
CreateWindowExW
SetPropW
GetPropW
RemovePropW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
GetDC
ReleaseDC
EndDialog
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
ValidateRect
IsWindowVisible
GetClientRect
SetTimer
SendMessageW
EnableWindow
CallNextHookEx
SetWindowsHookExW
PeekMessageW
GetCursorPos
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
MessageBoxW
SetCursor
PostMessageW
PostQuitMessage
wsprintfW
SendDlgItemMessageW
SendDlgItemMessageA
GetWindowTextW
MapWindowPoints
EnumWindows
UnhookWindowsHookEx
GetWindowThreadProcessId
GetClassNameW
CallWindowProcW

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
OffsetViewportOrgEx
GetDeviceCaps
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW

shell32

ShellExecuteW

comctl32

ImageList_Destroy
ord17

wininet

InternetGetLastResponseInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0033f493f3cf4584de9c845a4e5b24ab

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

wininet

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 12KB - Virtual size: 8KB

.vmp0 Size: 24KB - Virtual size: 21KB

.vmp1 Size: 352KB - Virtual size: 348KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 12KB - Virtual size: 8KB

.vmp0
Size: 24KB - Virtual size: 21KB

.vmp1
Size: 352KB - Virtual size: 348KB

.reloc
Size: 16KB - Virtual size: 12KB