dcfcc8e291a49a1573a52af70d47fec0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dcfcc8e291a49a1573a52af70d47fec0_JaffaCakes118
Size

128KB
MD5

dcfcc8e291a49a1573a52af70d47fec0
SHA1

ad589040b9554222c3aa5b7d37577e834e5c2160
SHA256

0c15c463eef777807273ef5a2db335b7c64ed3c93befeea0ec0fc17dddbde3be
SHA512

3b6cf3cdd82184b55ce90d636066d64d1fa3aeed7e01a83bd28fe0d9aca072c525b5ce3eb7570ea7f70a10f5a40cfad0854363a582298101dbefd69de96ad720
SSDEEP

1536:9WV0qhBQC8jXMbo2P0UTfk3X+nDKJq2f4JsBTnQBeVGEzICH+QV82zFlOZ:1PCuL41+JD4JsCo+O82Zlc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcfcc8e291a49a1573a52af70d47fec0_JaffaCakes118

Files

dcfcc8e291a49a1573a52af70d47fec0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c01d226e3407ee6aec658ca358c3044c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
InterlockedIncrement
lstrcpyA
IsBadReadPtr
Sleep
CreateThread
CloseHandle
GetCurrentProcessId
GetPrivateProfileStringA
GetSystemDirectoryA
TerminateProcess
GetCurrentProcess
WritePrivateProfileStringA
GetTickCount
UnhandledExceptionFilter
VirtualProtect
GetProcAddress
LoadLibraryA
GetModuleHandleA
IsBadStringPtrA
ExitProcess
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCommandLineA
GetStdHandle
SetLastError
GetLastError
WriteFile
SetFilePointer
WideCharToMultiByte
lstrlenW
VirtualAlloc
Module32Next
Module32First
CreateToolhelp32Snapshot
ReadFile
Process32Next
OpenProcess
lstrcmpiA
Process32First
MultiByteToWideChar
RtlUnwind
GetVersion
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedDecrement
GetStringTypeA
GetStringTypeW
HeapReAlloc
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
LCMapStringA
LCMapStringW
FlushFileBuffers

user32

wsprintfA
MessageBoxA

Exports

Exports

WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahCloseSocketHandle
WahCloseThread
WahCompleteRequest
WahCreateHandleContextTable
WahCreateNotificationHandle
WahCreateSocketHandle
WahDestroyHandleContextTable
WahDisableNonIFSHandleSupport
WahEnableNonIFSHandleSupport
WahEnumerateHandleContexts
WahInsertHandleContext
WahNotifyAllProcesses
WahOpenApcHelper
WahOpenCurrentThread
WahOpenHandleHelper
WahOpenNotificationHandleHelper
WahQueueUserApc
WahReferenceContextByHandle
WahRemoveHandleContext
WahWaitForNotification

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c01d226e3407ee6aec658ca358c3044c

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 28KB - Virtual size: 53KB

.vmp0 Size: 8KB - Virtual size: 7KB

.vmp1 Size: 16KB - Virtual size: 15KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 28KB - Virtual size: 53KB

.vmp0
Size: 8KB - Virtual size: 7KB

.vmp1
Size: 16KB - Virtual size: 15KB

.reloc
Size: 8KB - Virtual size: 4KB