de5601a77dbfaf5ea7c25df771a988b4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de5601a77dbfaf5ea7c25df771a988b4_JaffaCakes118
Size

117KB
MD5

de5601a77dbfaf5ea7c25df771a988b4
SHA1

208c2b4991e7f3a47310556a5e81e96ca15a01b3
SHA256

bf10c8f14ac4df724d14ee9dbe03269ec14619eeada7a06dc1e435728abcdefa
SHA512

b2d2066c01e3bad81d25dbf9c9c97d3a2be44441495b476b28ce6e96dbbde6d0ebb947430d682ec74e1cb570eb897ed1a8c20bdf3fdc07bac2920064c5b259c9
SSDEEP

3072:M86XrriFoAqYQEpp2GTug4Jba7b3jtD9KnnNBiZNWTKG+:M8VvfLp2pBKzEnDWNWG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de5601a77dbfaf5ea7c25df771a988b4_JaffaCakes118

Files

de5601a77dbfaf5ea7c25df771a988b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d457b1f04de77dd1e47e53de08a898fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetModuleFileNameA
SetCurrentDirectoryA
GetSystemDirectoryA
CloseHandle
SetFileTime
GetFileTime
CreateFileA
MoveFileA
DeleteFileA
GlobalFree
WriteFile
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
GetTempPathA
WinExec
GetModuleHandleA
lstrlenA
lstrcatA
GetEnvironmentVariableA
Sleep
ReadFile
CreateProcessA
GetStartupInfoA
CreatePipe
LocalAlloc
LocalFree
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
wsprintfA
MessageBoxA

shell32

ShellExecuteA

mfc42

ord823
ord561
ord815
ord1243
ord6467
ord1578
ord600
ord826
ord269
ord1176

msvcrt

__dllonexit
_onexit
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__CxxFrameHandler
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_controlfp
strncat
sprintf
fprintf
__setusermatherr
strcpy
printf
strrchr
strchr
strcat
atoi
memset
fclose
free
strlen
memcpy
fopen
_strnicmp

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d457b1f04de77dd1e47e53de08a898fd

Headers

File Characteristics

Imports

kernel32

user32

shell32

mfc42

msvcrt

msvcp60

Sections

.text Size: - Virtual size: 5KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 161KB

.vmp0 Size: - Virtual size: 10KB

.vmp1 Size: 115KB - Virtual size: 115KB

.reloc Size: 512B - Virtual size: 92B

.text
Size: - Virtual size: 5KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 161KB

.vmp0
Size: - Virtual size: 10KB

.vmp1
Size: 115KB - Virtual size: 115KB

.reloc
Size: 512B - Virtual size: 92B