e13dce219ad6ceac27f29713712fe405_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e13dce219ad6ceac27f29713712fe405_JaffaCakes118
Size

928KB
MD5

e13dce219ad6ceac27f29713712fe405
SHA1

93cdc6d823498e8ab44d54a54d9706eb503cc7ea
SHA256

1980ee94012ca38c65641e1d7cfa171d364d0576c172b92d3227e5f7e98918bc
SHA512

37635de82088dfb2670a8989d8ee0ab2c6fcd525d4d575af6e98b91e7738214ed5e3c3fccd3146d9cf2b1fdba084fa209103c08432e804ab444ee21ab8a18e04
SSDEEP

24576:su9CB6YlmKgLIJW40W/A5xq52zD2VpsHTUZVzwg:i64WZ052zq4zOWg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e13dce219ad6ceac27f29713712fe405_JaffaCakes118

Files

e13dce219ad6ceac27f29713712fe405_JaffaCakes118
.exe windows:4 windows x86 arch:x86

003318e53caed483038e8721a612e932

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

OpenClipboard
MessageBoxA

gdi32

CreateEllipticRgnIndirect

winmm

midiStreamRestart

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

_TrackMouseEvent

ws2_32

accept

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 908KB - Virtual size: 905KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

003318e53caed483038e8721a612e932

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 447KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 146KB

.rsrc Size: 12KB - Virtual size: 23KB

.vmp0 Size: - Virtual size: 167KB

.vmp1 Size: 908KB - Virtual size: 905KB

.reloc Size: 4KB - Virtual size: 144B

.text
Size: - Virtual size: 447KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 146KB

.rsrc
Size: 12KB - Virtual size: 23KB

.vmp0
Size: - Virtual size: 167KB

.vmp1
Size: 908KB - Virtual size: 905KB

.reloc
Size: 4KB - Virtual size: 144B