Behavioral task: behavioral1
Sample: e2187019ad63e166369bd23650972018_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: e2187019ad63e166369bd23650972018_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: e2187019ad63e166369bd23650972018_JaffaCakes118
Size: 429KB
MD5: e2187019ad63e166369bd23650972018
SHA1: c19dc4a3956323d8ece9110c9f662d9b643fec37
SHA256: c0a5e51c87c6b24ab2b8516639ac7bd7d753386d83db74c9541a130bf0ca2bb9
SHA512: 07cd26388c7684b8510f0eebab5b63fc54a70abe6d9bce952755d1c915bb2788df60231084105a72cdd423e077240be6bf23d0d7f620320102b8308c6cdd6fe6
SSDEEP: 12288:/ACexvETttj46t0NrviHAomoC7xPHQAhW4:4CexvETt5pQrEmoSxIAhW4
Malware Config
Signatures
- yara_rule: resource sample matched rule vmprotect
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: e2187019ad63e166369bd23650972018_JaffaCakes118
Files
e2187019ad63e166369bd23650972018_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
0e24c6fdf68caaa4e7c27392201cd2b0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dtcommonres
ShowConvertImagesDialog
DevicesListDialog
IsDeviceParametersShowed
ShowGrabDiskDialog
AboutDialogShow
ShowBurnImageDialog
ShowEraseDiskDialog
ShowDeviceInfo
SetInvisibleWaitDialog
HideWaiting
EditBox
RestoreWaiting
ShowDeviceParameters
EndWaiting
BeginWaiting
mfc80u
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord5414
ord1479
ord282
ord6700
ord1252
ord2461
ord897
ord860
ord1182
ord3590
ord2366
ord6271
ord1156
ord6140
ord572
ord760
ord3678
ord2925
ord3677
ord566
ord3327
ord4475
ord2832
ord2163
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord757
ord2239
ord1121
ord3824
ord1450
ord267
ord1894
ord4388
ord4098
ord2011
ord3435
ord3311
ord2985
ord4234
ord1582
ord2086
ord741
ord3158
ord4226
ord1536
ord2077
ord587
ord1785
ord2159
ord605
ord354
ord4256
ord5199
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord6063
ord6086
ord2155
ord5829
ord5803
ord4119
ord4574
ord3635
ord3756
ord3189
ord620
ord2651
ord6061
ord5609
ord2657
ord6276
ord3755
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord1198
ord4480
ord4255
ord1183
ord1908
ord6293
ord5327
ord651
ord280
ord283
ord899
ord894
ord896
ord1921
ord416
ord774
ord2121
ord3927
ord5524
ord4100
ord2260
ord3990
ord5727
ord5440
ord6282
ord5316
ord1172
ord3249
ord1472
ord1555
ord2254
ord2066
ord1959
ord4117
ord3995
ord5636
ord5637
ord562
ord1586
ord1461
ord2471
ord751
ord1920
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5884
ord6033
ord5723
ord5638
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord3174
ord347
ord6058
ord602
ord4035
ord2361
ord2365
ord1274
ord1946
ord4094
ord2085
ord3238
ord2895
ord5633
ord1270
ord3155
ord3198
ord3157
ord1271
ord3281
ord1925
ord2311
ord870
ord1118
ord3204
ord1086
ord1079
ord6749
ord6751
ord3390
ord762
ord5710
ord6001
ord3857
ord1058
ord1113
ord1176
ord1178
ord265
ord266
ord3497
ord722
ord3289
ord530
ord293
ord776
ord577
ord764
ord5562
msvcr80
memcpy_s
memmove_s
__RTDynamicCast
memcpy
_invalid_parameter_noinfo
wcslen
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_wcsicmp
wcscpy_s
__CxxFrameHandler3
malloc
free
memset
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
_crt_debugger_hook
??0exception@std@@QAE@ABQBD@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
swprintf_s
_ltow_s
_wtoi
wcscpy
_localtime64_s
_time64
wcsrchr
_wsplitpath_s
wcschr
_vsnwprintf_s
wcscat_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
ceil
kernel32
GetVersion
GetVersionExW
GetTickCount
MulDiv
InterlockedExchange
Sleep
OpenEventW
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
GetCPInfo
GetCurrentThreadId
FindResourceA
CloseHandle
WaitForSingleObject
CreateThread
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCommandLineW
DisconnectNamedPipe
ReadFile
WriteFile
GetOverlappedResult
WaitForMultipleObjects
SetEvent
ConnectNamedPipe
CreateEventW
GetCurrentProcessId
CreateNamedPipeW
GlobalAddAtomW
DeleteAtom
lstrcpyW
lstrlenW
InterlockedCompareExchange
CreateMutexW
GetDriveTypeW
GetModuleFileNameW
SizeofResource
FindResourceExW
GetSystemTimeAsFileTime
GetCurrentProcess
GetLocaleInfoA
GetSystemInfo
MultiByteToWideChar
HeapFree
GetProcessHeap
GetACP
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess
user32
ReleaseCapture
SetCapture
LoadCursorW
InvalidateRect
GetParent
GetWindowRect
DrawFocusRect
GetPropW
CallWindowProcW
SetWindowLongW
GetDoubleClickTime
GetCursorPos
GetClientRect
SendMessageW
RegisterWindowMessageW
PostMessageW
MessageBoxW
DialogBoxParamW
EndDialog
SetWindowTextW
GetDlgItem
SetWindowTextA
CreateWindowExW
SetTimer
GetMessageW
SetCursor
SetPropW
GetWindowLongW
LoadMenuW
RemovePropW
SetForegroundWindow
TranslateMessage
AllowSetForegroundWindow
UnregisterHotKey
RegisterHotKey
LoadImageW
SetWindowPos
GetWindowTextW
IsWindowVisible
ShowWindow
KillTimer
DestroyWindow
SetMenuDefaultItem
EnableWindow
SetWindowsHookExW
LoadIconW
WindowFromPoint
ScreenToClient
CallNextHookEx
GetSysColorBrush
GetSystemMetrics
SystemParametersInfoW
DrawIconEx
DestroyIcon
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ReleaseDC
GetDC
ModifyMenuW
InsertMenuW
GetSubMenu
GetMenuItemInfoW
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuW
DeleteMenu
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapW
CopyRect
SetRect
GetSysColor
UnregisterClassA
GetWindowTextLengthW
DispatchMessageW
gdi32
CreateFontIndirectW
GetStockObject
GetBitmapBits
SetDIBits
SetTextColor
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextExtentPoint32W
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
CreateSolidBrush
CreatePen
comdlg32
GetOpenFileNameW
advapi32
SetSecurityDescriptorSacl
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
shell32
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
comctl32
ImageList_GetIconSize
ole32
CoUninitialize
CoInitialize
oleaut32
VarBstrCmp
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SysFreeString
SysStringLen
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
dtliteui
ShowPreferencesDialog
ShowMNDManager
CloseLiteDialogs
ShowGrabDialog
RefreshMND
Sections
.text Size: - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 112KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 308KB - Virtual size: 308KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE