d5bf2db3f1df3b61193c428e08c4202e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5bf2db3f1df3b61193c428e08c4202e_JaffaCakes118
Size

37KB
MD5

d5bf2db3f1df3b61193c428e08c4202e
SHA1

07952d746347b756d0c0b3461a0ff9c7677bfa1a
SHA256

6351abad607e904dd8cbcffdc0f3cccc2a21b2b23a2b14888f4b64903ae3e939
SHA512

f08e52a90f62f576ab7114f631e31f9747876edb96ff79b81079f46dfc32251cebe3fefe750f3cddcad6177848e227ad5f64786440d56f86fa245ec8007ba8d0
SSDEEP

768:H7tOeRpp2mLJeaSbba56+lOiuVRamX5+x1/TUn5C+4dd17Pu:tpQ/43uVR9ixH+S

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5bf2db3f1df3b61193c428e08c4202e_JaffaCakes118

Files

d5bf2db3f1df3b61193c428e08c4202e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1025dbe1b1e5b22f8672bce209fd20cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
StrStrA
StrToIntA

user32

PostThreadMessageA
wsprintfA
MessageBoxA

advapi32

DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService

ole32

CoCreateGuid

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
_exit
__CxxFrameHandler
memcpy
time
srand
rand
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
__getmainargs

kernel32

SetFilePointer
GetModuleFileNameA
DeleteFileA
GetModuleHandleA
GetStartupInfoA
ReadFile
CreateMutexA
GetLastError
GetFileAttributesExA
ReleaseMutex
lstrcpyA
lstrlenA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
WriteFile
GetSystemDirectoryA
lstrcatA
WaitForSingleObject
CloseHandle
GetFileTime
SetFileTime
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1025dbe1b1e5b22f8672bce209fd20cc

Headers

File Characteristics

Imports

shlwapi

user32

advapi32

ole32

msvcrt

kernel32

Sections

.text Size: - Virtual size: 6KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 9KB

.vmp1 Size: 35KB - Virtual size: 35KB

.reloc Size: 512B - Virtual size: 72B

.text
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 9KB

.vmp1
Size: 35KB - Virtual size: 35KB

.reloc
Size: 512B - Virtual size: 72B