dcc5efbc4c47833077a80df863596af9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dcc5efbc4c47833077a80df863596af9_JaffaCakes118
Size

169KB
MD5

dcc5efbc4c47833077a80df863596af9
SHA1

de3e6dbd428c10509ccd88f853c9c57e0073d48d
SHA256

29a31694f670f7a953478fffbfce7eb274608f080275e5b8e6cee7860398614e
SHA512

6e80e14a9cfb1b8ab3d0adaba131f1cecad2f98e0e10d6d894ad4113b68fcf638434bfd5d6a387fe89f4771ce2c75521d57a3463d43dc2fb28024ea624764bcb
SSDEEP

3072:trweJDFJsKulxR8nC/SNJOQvPFw/t4gXO3J4tAwWeIb6jRwpkk7Lr/4Jtey:KeJDFJ07gKYNwFTeuez7biwik7Lz4v

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcc5efbc4c47833077a80df863596af9_JaffaCakes118

Files

dcc5efbc4c47833077a80df863596af9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9f6a64bf1c7cb7cb649e0b89f2da7077

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

SetCapture

gdi32

CreateCompatibleBitmap

advapi32

CloseEventLog

shell32

SHGetFileInfoA

msvcrt

_strnicmp

winmm

waveInReset

ws2_32

WSAStartup

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

imm32

ImmReleaseContext

wininet

InternetOpenA

avicap32

capCreateCaptureWindowA

msvfw32

ICSeqCompressFrame

psapi

GetModuleFileNameExA

wtsapi32

WTSFreeMemory

Exports

Exports

GetlinehA
HEARTBEATTIMEOUT_ERROhW
LoadBitmaphA
MAXIMUM_ALLOWEhA
MessageBeephA
MessageBoxhW
NewMainFun
SetProcessWindowStationhW

Sections

.text
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f6a64bf1c7cb7cb649e0b89f2da7077

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

winmm

ws2_32

msvcp60

imm32

wininet

avicap32

msvfw32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 92KB

.rsrc Size: 1024B - Virtual size: 960B

.vmp0 Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 80KB

.vmp2 Size: 162KB - Virtual size: 161KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: - Virtual size: 92KB

.rsrc
Size: 1024B - Virtual size: 960B

.vmp0
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 80KB

.vmp2
Size: 162KB - Virtual size: 161KB

.reloc
Size: 512B - Virtual size: 36B