dabfc15614501bb318a3586036da132c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dabfc15614501bb318a3586036da132c_JaffaCakes118
Size

129KB
MD5

dabfc15614501bb318a3586036da132c
SHA1

b07a82a8b4173eb16bc90915bf3c25ea6bbb4a8e
SHA256

d89ea9bffb7a6f28567405eca3ede9226b1c886c3817cae71dcb5f3c78f912e6
SHA512

a6752a80e268066c9533b971958dd39e81fb7fc081bb3ec2bc7f7b39ad1a00801b257d9009d37c9f24fd7d790c75c6517eef1dd075b779e83d538cb763e5e94b
SSDEEP

3072:7IJxKNdqSwvrJ5LhgNA3PK+/uDcrfWt0L:cJ4Ndqt7ZPKiq6L

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

dabfc15614501bb318a3586036da132c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

38cc4ff902d006c458fcdf5c44d2191f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26-01-2010 00:00

Not After

25-01-2013 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

de:21:b5:7d:85:1c:8d:76:4e:b0:07:42:6a:fd:1c:7d:32:93:71:50
Signer

Actual PE Digest

de:21:b5:7d:85:1c:8d:76:4e:b0:07:42:6a:fd:1c:7d:32:93:71:50

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
GetModuleHandleA
GetProcAddress
VirtualProtect

advapi32

OpenServiceA

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38cc4ff902d006c458fcdf5c44d2191f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

de:21:b5:7d:85:1c:8d:76:4e:b0:07:42:6a:fd:1c:7d:32:93:71:50Signer

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: - Virtual size: 19KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 144KB

.vmp0 Size: - Virtual size: 20KB

.vmp1 Size: 112KB - Virtual size: 108KB

.reloc Size: 4KB - Virtual size: 152B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

de:21:b5:7d:85:1c:8d:76:4e:b0:07:42:6a:fd:1c:7d:32:93:71:50
Signer

.text
Size: - Virtual size: 19KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 144KB

.vmp0
Size: - Virtual size: 20KB

.vmp1
Size: 112KB - Virtual size: 108KB

.reloc
Size: 4KB - Virtual size: 152B