efd9a70be96c4fef2f8bc70db21a5e9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efd9a70be96c4fef2f8bc70db21a5e9a_JaffaCakes118
Size

1.4MB
MD5

efd9a70be96c4fef2f8bc70db21a5e9a
SHA1

3f1083f0160f44f795fb33e18e3b6905e1ad96b6
SHA256

93660527111ccd8cb200f9dee2a374b3ad262e47300ac879b16bda7c8b095aa7
SHA512

db096a2815cb6e5e92137e1f063e8b09f8d6219411eb9b7a8ab3a63f072dfa9fb686668a25810cfe4b4a2a1fa4911c85f97fe60bdf1fdcd2a8cca076ecbf01a1
SSDEEP

24576:u1GjVq/gonIKwrFd6y0AbQ8Etjog1DAqXBV08VE5ewXp6efSxDS66N:ugjo/vbwhgm299T/08O1X+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efd9a70be96c4fef2f8bc70db21a5e9a_JaffaCakes118

Files

efd9a70be96c4fef2f8bc70db21a5e9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cfce95556c9462a563ba2af91a3be5ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

kernel32

CreateThread
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapSize
LCMapStringA
LCMapStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
GetLocaleInfoW
RaiseException
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
DeviceIoControl
DeleteFileA
GetLastError
CreateFileA
Sleep
CopyFileA
GetCurrentDirectoryA
GetFileAttributesA
GetSystemDirectoryA
GetVersion
CloseHandle
CreateProcessA
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
FindClose
FindNextFileA
FindFirstFileA
GetCommandLineA
GetStartupInfoA
ExitProcess
RtlUnwind
SetErrorMode
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProfileIntA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
CreateDirectoryA
SetThreadContext
GetThreadContext
SetStdHandle
WriteProcessMemory
GetTempFileNameA
GetVersionExA
GetProfileStringA
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
lstrcpynA
LocalFree
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
WaitForMultipleObjects
GetCurrentThreadId
HeapFree
HeapReAlloc
EndUpdateResourceA
GetProcessHeap
HeapAlloc
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
GlobalGetAtomNameA
lstrcatA
lstrlenA
WinExec
lstrcpyA
ResetEvent
MoveFileA
WritePrivateProfileStringA
WaitForSingleObject
GetTempPathA
GetWindowsDirectoryA
lstrcmpA
GlobalAddAtomA
DeleteAtom
GetModuleFileNameA
GetComputerNameA
IsBadReadPtr
GlobalReAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
MulDiv
TerminateProcess
SetCurrentDirectoryA
OpenProcess
ContinueDebugEvent
WaitForDebugEvent
ReadProcessMemory
SetEvent
GlobalSize
GlobalFree
PulseEvent
BeginUpdateResourceA
UpdateResourceA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
SetCursorPos
CharUpperA
PostQuitMessage
ShowOwnedPopups
DeleteMenu
InvertRect
GetSysColorBrush
GetMenuStringA
TranslateMDISysAccel
DefFrameProcA
BringWindowToTop
MapWindowPoints
AdjustWindowRectEx
DeferWindowPos
WinHelpA
RegisterClassA
TrackPopupMenu
CreateWindowExA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
IsIconic
GetWindowPlacement
GetWindowTextLengthA
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
LoadStringA
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
GetWindowLongA
WindowFromPoint
SetWindowLongA
CallWindowProcA
GetWindowThreadProcessId
AttachThreadInput
CreateIconFromResourceEx
CreateIconFromResource
ModifyMenuA
SetCaretPos
DestroyCaret
HideCaret
ShowCaret
CreateCaret
SetScrollRange
TranslateMessage
SetScrollPos
GetScrollPos
IsClipboardFormatAvailable
GetDlgItem
SetWindowPos
ShowWindow
MoveWindow
EqualRect
UnionRect
DestroyWindow
GetClassLongA
TrackPopupMenuEx
GetDesktopWindow
GetMenuItemID
InsertMenuA
CheckMenuItem
GetMessageA
DispatchMessageA
GetSystemMenu
EnableMenuItem
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetMenu
BeginDeferWindowPos
GetTopWindow
GetDlgCtrlID
GetWindow
EndDeferWindowPos
GetFocus
ScreenToClient
AppendMenuA
RemoveMenu
GetMenuItemCount
DrawMenuBar
IsZoomed
UnregisterHotKey
RegisterHotKey
DestroyCursor
GetKeyState
FindWindowA
RegisterClipboardFormatA
DestroyMenu
UnregisterClassA
ExcludeUpdateRgn
DefDlgProcA
CharNextA
IsWindowUnicode
SetMenu
GetClassNameA
SendMessageTimeoutA
EnumWindows
RegisterWindowMessageA
GetWindowTextA
SetWindowTextA
IsChild
GetClipboardData
LoadIconA
SetFocus
PeekMessageA
IntersectRect
DrawIcon
DrawIconEx
CopyIcon
DestroyIcon
MessageBoxA
LoadMenuA
GetSubMenu
GetDC
KillTimer
SetTimer
GetClassInfoA
DefWindowProcA
GetDCEx
ReleaseDC
LockWindowUpdate
ClientToScreen
IsRectEmpty
ValidateRect
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
DefMDIChildProcA
GetScrollRange
TranslateAcceleratorA
SetCursor
LoadCursorA
SetParent
SetRectEmpty
EnumThreadWindows
IsWindowEnabled
IsWindowVisible
SetForegroundWindow
SetActiveWindow
GetMessagePos
GetClientRect
SystemParametersInfoA
SetRect
IsWindow
RedrawWindow
FillRect
GetSystemMetrics
DrawFrameControl
DrawEdge
InflateRect
DrawFocusRect
EnableWindow
UpdateWindow
GetCapture
ReleaseCapture
SetCapture
GetCursorPos
GetWindowRect
PtInRect
CopyRect
GetSysColor
OffsetRect
LoadBitmapA
MessageBeep
InvalidateRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
wsprintfA
GetParent
PostMessageA
SendMessageA
GetMenuItemInfoA
MessageBoxA

gdi32

SaveDC
RestoreDC
SelectPalette
SetBkMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
SetBkColor
GetViewportExtEx
CreatePatternBrush
PtVisible
RectVisible
TextOutA
Escape
SetRectRgn
CreateDCA
GetTextMetricsA
StretchDIBits
GetCharWidthA
CreateFontA
SetTextColor
GetClipBox
GetClipRgn
SelectClipRgn
SetPixelV
GetWindowExtEx
AbortDoc
ExtTextOutA
StartDocA
StartPage
EndPage
EndDoc
CreateRectRgn
DeleteDC
CreateSolidBrush
GetCurrentObject
CreateRectRgnIndirect
CombineRgn
GetBkColor
PaintRgn
PtInRegion
DeleteObject
CreateCompatibleBitmap
CreateBitmap
FillRgn
CreatePolygonRgn
CreateCompatibleDC
BitBlt
SelectObject
GetStockObject
GetDeviceCaps
RealizePalette
CreatePen
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
Rectangle
PatBlt
GetTextExtentPointA
CreateDIBitmap
GetObjectA

comdlg32

ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA
ChooseColorA
GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyA
StartServiceA
OpenServiceA
CreateServiceA
DeleteService
ControlService
OpenSCManagerA
RegSetValueA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
SetFileSecurityA
GetFileSecurityA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
CloseServiceHandle
RegDeleteValueA

shell32

SHGetFileInfoA
DragQueryFileA
DragFinish
DragAcceptFiles
ShellExecuteA
ExtractIconA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Remove
ImageList_Duplicate
ImageList_Draw
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Read
ImageList_Write
ord17

ole32

OleInitialize
CoCreateGuid
OleUninitialize

Exports

Exports

w�B��t��'i��j]��i8{�0��2̬&�t�� >��z�Ɨ� #J��)K.J�a�&�:V��TF�0��v�|��!�ӝr&=��@U��9�G��G��H��3�Ѷ"�P��_9q=Z��c��l�9 ��Sӧ·��.�1l}��q�Q�͙��R��@��4A��Sxs; GhSk��K� N�K�KL��%X[�P\]93I�A0�8��&<�:y�\9 Y��R�7�_k3�Xҽ�x��,��b��Ϲ?�FxUAǧ�[Ikg�c΄�S�@��¨�̳�[ �C�@>��G�R�F��p0�r��Ӌ�[б٢zv~�C��m"«��6"��M��a��C��3�]u�Sɵ��3i`��I�<�P�� Y'c]� d�_'�(�$M�I��+�� UٺvX��4�e��h0N�BJ�!�~t�ɕ}��J�HH�^+\`m?y��m��k��,˭4_�=]P�!��A�B��&P䐒4 �=�f[��o5چ��n!�A4�X��6�尅�0��zx;ƻa�d�Ř��Y��a��u�aIw�]��`S��XA^� `*�$�@͗��<�n�#��nI��t.�eͱV� �ZG�,�"��o#�Oƕ�©ڮ�mAY��Xn~k��7 ��2��5衱��H�KaI�[k��k>Bs��8%Q`�,5�3NGh�SX� '��$Zm��B��9��D��^~T�9Ɯ�t��^z�6/�?y��X��v�5��}��uʧxK��_��L�~@!h{�`!��H��3�H��<S��w��u��`�(� BAb��íc�DC�L�X��4goF�\MR-:��X*��{(� w�\6ٶd�Go/�&h�`V�V�� ]m4ԊW�H,�?s-��]J��d�� 6P�[�z�!�L�V��ͺ\СI�a>��^��_��D1w��s[��}f�W錞��|��F#H��m\�+B/Wu��N��3��jԕ��o[��J��a��=��`�Id��8��EK�k��9Ħ� ��ν�b��\dLʏ��=�!W��a>�I��N��7�(��?�ɫ��zK�jT��d0�8FS�8:y�24��T,@�-5�9E^��Á��®UF �1��6+&\��h��x+p��^&�u�j��$&�A6�e�Om�(��뢃a�n�"��R��H*�/Gk1� �>�g��5s�1`6ֿ ��.��3~�A�&�0(��'�8�*5�x ��0�Ha>�4}�e.�;�CF��ܳ�W��\��ڜ��%ȧ8�[x��l?n̑�'$z��V�=��$G+�䙾'��!��)��n��̭��ki�W��C�sAa��}�g�G�"g��_��a��G�-+��4��>ƇC�[��f �4|5Ƃ��^GG�}�Й�&�b|w��uX1O��mB� ��B*��@i�1��`�E��@/ ��,�β"��@ ��0�c��-�i��õ��B�V� l�t�R1mA��D_\��9�*I�*��K�d[k�L��q�ǈ�'N.�JE��Ek�Y�k"i�^��\��@��e�=!8��d ,�~l$}.��RQ��u��mMMʒ��,1P,8B�'�ll`C��f�d=Z��X�+V�~]<4q�� .;��(Q�*��]�ϧ��z {'7k��ֻ�Y�%7��YLSY ��!Ya=v�Ӊ��Ƭ�8�a}�*i--��Tf!�+��v��R��Yv�Y�W��2�ޛ�l�:?�9A�ׁ��[*��{��<Ի��B�s�v�{2ֈ�X�Կ�9�*T�Ng�f�1Y48:�i��tLz�E9�$m{~�+%"��D3�R�-2<c�&F��C�K�!Kٮ�ҁXd��~�iҔ�H~TFI��8��"��j%��hVd9@J��X4\V8��V`3v��Tŝr(4�R��.pcN��u/P�}+�Xu��y:��F`I�qoTuM�g��Hbv��9s�%v2@Sl�p�fD�N��!��a��Y`'��x!fBD��'��#��6+��"s��IZ�t��2��v>�Z�q�0\=��;��s�ʶ=��s!�S��d��Wm�S:���zN��ےD3x��<�I�Yi�f�v+Ɗ��+�_U��`��1 ��4��Y��i�{IL�{�q��O�\��\`�NU)��N��)= �b �ΉP��d t5�k>#T��bk�ਥ�O�]R��%�xy s_#?��T7�7N��B�/[�B�g��f.?@ �|�N�Pئ?��3��i�}X�� w��>��- 5.Y-��|��NG�0�o]�Z�|�X?��tg�u��ٶ�5l}%]b�$p_|ɤ(�-�J�sۆ ��Z� F\!��3)�mΥ��7% �kB�k�a,�G��ʼ��ě��ڏ��z<fEwJ�0.%mz�H��x㛝�`~�.��ʿ��Ʒ4f��0��L��:��P�oG ��>foX$B6�9�8��9�u^9};d�L��Q��A�C]�"q`��Zr*�F9�=hA��tU I�Þ��lٯ��E.� �X� Y)�Ӯ<i��7�E��Ϝm�gU��-\YU��2٤��Xφ��5��wY��AԶF?��D!��l�@��g)��c6��9�y3��I��pXz*�O�ק,��l|��e� �;̓I1قs��UwT��Խ«��[�N �J��x|��֢N�Z��=}[~N��T"d-�4q�`6�wy��#>�`\q��"0QVH�

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 16KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfce95556c9462a563ba2af91a3be5ce

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

Exports

Exports

Sections

.text Size: - Virtual size: 1.3MB

.rdata Size: - Virtual size: 150KB

.data Size: - Virtual size: 223KB

.vmp0 Size: 16KB - Virtual size: 283KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 284KB - Virtual size: 283KB

.text
Size: - Virtual size: 1.3MB

.rdata
Size: - Virtual size: 150KB

.data
Size: - Virtual size: 223KB

.vmp0
Size: 16KB - Virtual size: 283KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 284KB - Virtual size: 283KB