d9f61e7a9fdde0144371f8f8758b8924_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9f61e7a9fdde0144371f8f8758b8924_JaffaCakes118
Size

2.3MB
MD5

d9f61e7a9fdde0144371f8f8758b8924
SHA1

0b20985f9d6c24efffe3ccf3891e70df8754d26e
SHA256

01c2d496b55b89a8c8473fd58df013555a9806e73130ac4198a4beb76b4bfbe7
SHA512

6f77453850c3a773d1b4c5999c5f3a4c2f1a84f59a24d69ae9897fc4b7df994e2dba94b5707568aa5735a9bbfcff13ada8a1ca88b86ac16a5a184f3493d59c8f
SSDEEP

49152:DXIBxm3M9Jou5k5FJ2krWTN234UxaxNQm8xbIXdtk7AJEfGxW:rIBw3Mt50M235sxNQm8JUtzy+xW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9f61e7a9fdde0144371f8f8758b8924_JaffaCakes118

Files

d9f61e7a9fdde0144371f8f8758b8924_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e5eaecef8a6489b282de04596c48e8ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

UnhandledExceptionFilter
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetCapture

gdi32

GetSystemPaletteEntries

winmm

midiStreamProperty

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromString

oleaut32

LoadTypeLi

comctl32

ImageList_DrawIndirect

ws2_32

select

wininet

HttpSendRequestA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 662KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e5eaecef8a6489b282de04596c48e8ec

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 662KB

.rdata Size: - Virtual size: 1.6MB

.data Size: - Virtual size: 315KB

.rsrc Size: 104KB - Virtual size: 122KB

.vmp0 Size: - Virtual size: 414KB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.text
Size: - Virtual size: 662KB

.rdata
Size: - Virtual size: 1.6MB

.data
Size: - Virtual size: 315KB

.rsrc
Size: 104KB - Virtual size: 122KB

.vmp0
Size: - Virtual size: 414KB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB