d6657152a962d3616bb217d1ed0d36f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6657152a962d3616bb217d1ed0d36f8_JaffaCakes118
Size

44KB
MD5

d6657152a962d3616bb217d1ed0d36f8
SHA1

3eed106977fe7ef85476d6942e25a7f447919a21
SHA256

967cd5507ec757106b12126a0679fbe7290af92041db787c18455e333f0ea8ec
SHA512

5f5061f108d532a966376adf5a4ab5c7b04e644a77064915d8bc512c9f3d416a5d3d8adf8de3a86e5f472ed4423662799609d0672b11769bbdafaf621e07ed0b
SSDEEP

768:aGmM0xoDvpJZkhyiJhqIcIZKOrG6CaNYx8OnfmO7:ahKdJKhyiSIaOr5NYLT

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6657152a962d3616bb217d1ed0d36f8_JaffaCakes118

Files

d6657152a962d3616bb217d1ed0d36f8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6159ca2277ce8ea0373e9999f5f90ef8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
Beep
CreateThread
DisableThreadLibraryCalls
ExitProcess
FindAtomA
GetAtomNameA
GetModuleFileNameA
GetModuleHandleA
Sleep
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

__dllonexit
_errno
_iob
abort
fflush
fprintf
free
malloc
memmove
strstr

shell32

ShellExecuteA

user32

GetAsyncKeyState
MessageBoxA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6159ca2277ce8ea0373e9999f5f90ef8

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

user32

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 48B

.rdata Size: 512B - Virtual size: 496B

.bss Size: - Virtual size: 208B

.idata Size: 1024B - Virtual size: 816B

.vmp0 Size: 8KB - Virtual size: 7KB

.vmp1 Size: 18KB - Virtual size: 18KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 512B - Virtual size: 496B

.bss
Size: - Virtual size: 208B

.idata
Size: 1024B - Virtual size: 816B

.vmp0
Size: 8KB - Virtual size: 7KB

.vmp1
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1KB - Virtual size: 1KB