dddedc88dcc3c8d1e94c9f391df1bd91_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dddedc88dcc3c8d1e94c9f391df1bd91_JaffaCakes118
Size

5.6MB
MD5

dddedc88dcc3c8d1e94c9f391df1bd91
SHA1

ad64190382995828a5ff0bc7ae763a568a465e17
SHA256

8c6eae88d95d626cbdfa18b755ab2ef7bc13fe1050e493403a3df5cbe82c74dc
SHA512

a03c64d0d449e24a1af1b610c68ef88a0d2c03fef74588663a18273eaecee788c3f9fda771505d95c9b7564a64bbbc0f1833488bb331275d66bbb900db3c496c
SSDEEP

98304:fUH1HCF3hnArksH6EeUlhYW7JDFHZiJxjMqlmtgyAlV3mGFmc0MdOF5j3ljzTGdg:sH+hArjH6XUX7JDVZSj/c2vNFmc0GOFf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dddedc88dcc3c8d1e94c9f391df1bd91_JaffaCakes118

Files

dddedc88dcc3c8d1e94c9f391df1bd91_JaffaCakes118
.dll windows:6 windows x86 arch:x86

8edb4a2230c23a2ea7a3397d4491b9d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

indicium-supra

IndiciumEngineSetD3D10EventCallbacks

kernel32

GetLastError
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

OpenClipboard
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

??Bid@locale@std@@QAEIXZ

imm32

ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

xinput1_4

ord2

wininet

InternetReadFile

vcruntime140

__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_initterm_e

api-ms-win-crt-string-l1-1-0

iscntrl

api-ms-win-crt-stdio-l1-1-0

fsetpos

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-math-l1-1-0

_libm_sse2_exp_precise

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-filesystem-l1-1-0

_lock_file

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8edb4a2230c23a2ea7a3397d4491b9d2

Headers

DLL Characteristics

File Characteristics

Imports

indicium-supra

kernel32

user32

msvcp140

imm32

d3dcompiler_47

xinput1_4

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 359KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 3.2MB

.vmp1 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 359KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 3.2MB

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B