e173ac43d535dbbe178f6e7819c19d4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e173ac43d535dbbe178f6e7819c19d4a_JaffaCakes118
Size

1.5MB
MD5

e173ac43d535dbbe178f6e7819c19d4a
SHA1

2d7d3ba205389234b01a3ec95533edf5b72368c3
SHA256

5aa390badf507a480638e957700ec565ccf87ce446a8444d9cd00aa5ff15731c
SHA512

93e8a4a25bd685fdb1af7cdfe5074313bd44c7e96220c99f56b3e60a5587d1cbb227860f4ff36a1e1e8855f2d279c436dc7a647b0ec6fea460d955a08c5e97fd
SSDEEP

49152:3R6ISGfrJKmNAwuJik3JFk+Yskh31c/2:wIPfxNAwTk5Fjecu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e173ac43d535dbbe178f6e7819c19d4a_JaffaCakes118

Files

e173ac43d535dbbe178f6e7819c19d4a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

59a3b25440bf0828d3d1d1a78edc23a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

KillTimer

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shell32

Shell_NotifyIconA

wsock32

ioctlsocket

ws2_32

WSASocketA

comctl32

ord17

gdi32

DeleteDC

shlwapi

StrDupA

ntdll

NtQuerySystemInformation

Exports

Exports

�8c�$��iN��J�(��B�_��!�4%��TL�w ��9�p;=vSq�o�Ij�}w��G/��^��0ێ��<�l͝L��6��8h��#�&}�X�Կ:��:e�� `��}3��Fn��}�Dۻ��! Tźd�*v{)��GN��ߙ\QtE�ϧ��;o��!2Dt��%H$�j��B��5 e=q��1��ڤT�̐n��|��/��b4�֋��k��%��A|?dX��V<W�Rvpx��|*m�<n>�2�n�C^}F8G��7Df��k�L1�HW�sS:��oV��k�j��x�3��P��Z�8�5P�?�= p�.�� bC��I�2�h;�&��>-��Ą��NڻX>F��E ��o�bq�E��MF�-�ym�Eb�q�`�� Yݸ��@F2�?>�3�l��[��3t��?��}qJ��X~aA_�U�S1�X̢4(�U�w�\��}Z ��[4|!�4:�~�5� ��=V0E�d�U��~ku7�& 7^�=b�̫p6ݑ.s�b�)>�mb�� RK��W[ұhcB�K��x,Ez��.yJ�#[�lLG�h��b�.[�[�j�y�H��y\¨�h�(�� Q��c�̥ oJ��%��S��n��iA��P��ޢU�EEK�]�c�'$J��WD��Uo�N[��8��NH(lɩm�Nڍz��b(��%1�"0�p<��ON��H!-�V�^8_O�D��W� U��|TfV=T��v��\��Q�ab�eaF��9�h��]��H'��ө��vz�3&6��N�%�t�Ƕ��z��蜓��R��^��F�1��*+x�-�I w�:M�Yy�~e@j��"��Y �J��W��P�Ů뻈Mޗê�)8v��N��կ>�W{Q��V�W�M�� 8C��vQ�{'��l�Q'��p�-n �w»\�-�N��t"e3��<�u��g��;uh�0��ҽg��)��gl�7��~:�_�84��+;�c�M2[ �A��$�@W��E�׊Y��&|Y�c��𒽏7=�4Nƌ ��"��O��>hn��̙��wk�ŘBX��6��t��z�J��EBV�5�]|}z�xa�@�#�e��nE�VN�{cYR[�/6۩��v�u$U��Q�__��C�f:�Z�K�p�O�7�oA.;A[�� ~��Rέ��V�O�:Ҝ�՗R5^�z�vda�!ސ-B��~m1��u�m�J�zΌ�]F*g��:go'dϣv��so8)ŏ$�Jn��S�6��5Yb��Β�Լ�<��t��|��Gsx^#�8;�u�+�ٟ��S�z5�f��8��LMՠF�?��@��x�)�Z�E��zsX��)�� .#(_��+"yt��gQ!�*��[G�,��W"s��Q�O@�-֫�4DEs�}��i\�i�3�'�}��gh~L�S��^�Hآ=)P\&��j|ؒ� *7�Yaf MOǍ��=C��x8ޝk��5��{c��1��"�B�d�4�ĸ<#�d>��S�?�F<Ȓ�p/?)6}9� �'h�󹧍��Ρ��п1�f!�H��,ċ�I!)��>�*�d�%�8��W�4��-}ś\~�X�� %�`��M�A=o��ks�߇*{�#Su�&��?�h~߰�ם�d��T�K�(Z��&g5 �!/(��ѩ�>r�U�P�� V��p��ٕ��d�B^�J�%+E��n ��O،Z�� ȃ f��3�u0Y��#��nz4x�ceh��=8�Qk� Pb,��/77��Ls��<��{N�� O�#r��<9H��{�>��"E Ȱ��~z�9�Ch�N��RT�S�&��jz��ϫ��Ѱ0X=�sGϬ��3>�N��GؽYzr�G�氻AI�36e%��Zp��z�G��+-.T�vE��2��+��a9獽�4��Rd�{ZJ�2�L��+/��ż��?�VtzB u�N/Jm��P*-��Ff��2b�̾z��ɤ�!��+��3�~ Y˗v�w� �R��ǔ�<�c�J�� & ��qz�Ů��j L? GD ��<�h��q��@/o$�W��l!�� 1[)��|:ґ�~� !ɞ�yX��HQ��5��>A��F�Kq��Gk��'VP��Au�49��<D,ǈX�]ڈ��x.u�=&� O�*��`��(c�aU�1-�_yi��s�� SQ4� �{1��wB#��}��V�n�=,�wԯG�`�N�p>��3j�͈{|��氐Q��<C��Be ��^� ��^3�ξ��Z� �d㹢�kz8 � i"��YT��1r�@J"xzT��V�v�rU#�{��P�偕lo�T�=�� g��~� �f��aIR�mgbi��,��4,�?�<��{��֤�Cʯz/�\xS�I(��R�KO� �ȼ��wwѰ��4ݯl�bq�R�*~�ߋ.�Q��W��h��:� �"��Qޖ�eT]��-daX�Q�~�O ��T��k��V��(��]g�^��$;8m{�(��Q(퓎N�UD��}�j�:�2)��*��k��A6��G��M��Hs�T�KֿpB;�"j?J��w�8� �6�u�xY�=7��D��v�{��kMv�� _��,:Ąl�j��̹�9��m}��e毐A��ޙ ?�Pq�Y,�W�Б>��/�(i�!�i�3�Z��_�p��&�v�k��9>��t�� S�1�(Y�VRɱ��n�5��^̓-s��DY_n�{��IZ�֪��\4��F^Ae~�� G��4�0�T$N

Sections

.text
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

59a3b25440bf0828d3d1d1a78edc23a0

Headers

File Characteristics

Imports

user32

kernel32

shell32

wsock32

ws2_32

comctl32

gdi32

shlwapi

ntdll

Exports

Exports

Sections

.text Size: - Virtual size: 154KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 110KB

.vmp0 Size: - Virtual size: 1.3MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: - Virtual size: 154KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 110KB

.vmp0
Size: - Virtual size: 1.3MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 16KB - Virtual size: 14KB