f05a197947777aada5bf241a91de8a07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f05a197947777aada5bf241a91de8a07_JaffaCakes118
Size

179KB
MD5

f05a197947777aada5bf241a91de8a07
SHA1

679b77ff2c5b94f1b218c5eab356c138400e4822
SHA256

04690eba901382efe4d8b80f46bcff54e5ee29479e48ec1255bbe64081a87e2a
SHA512

e7054757616b1dbced868e493ddc7ba088b671c1386d6dbf88d868f6366356ef7d3858cd91a51e39d1b84f1d0db128e8b9821ed57b5c332660ade98fada00878
SSDEEP

3072:OHK3k3kKIDSO3lgLbWA37hO9DyS2YREey/on2DO0CloR6Nhh8zSwSNc/S:HWk+O3lAbWAhkAey/MKZyo3+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f05a197947777aada5bf241a91de8a07_JaffaCakes118

Files

f05a197947777aada5bf241a91de8a07_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bd5255b0e6404b0a4dd3085d99ea9e13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

SystemParametersInfoA

gdi32

CreateCompatibleBitmap

advapi32

RegOpenKeyA

shell32

SHGetFileInfoA

shlwapi

SHDeleteKeyA

msvcrt

??1type_info@@UAE@XZ

winmm

waveInUnprepareHeader

ws2_32

WSAStartup

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

imm32

ImmReleaseContext

wininet

InternetOpenUrlA

msvfw32

ICSeqCompressFrame

psapi

EnumProcessModules

wtsapi32

WTSFreeMemory

Exports

Exports

ServiceMain
aaaaaaaaaaaa
bbbbbbbbbbbb
cccccccccccc
zzzzzzzzzzzzz

Sections

.text
Size: - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd5255b0e6404b0a4dd3085d99ea9e13

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

winmm

ws2_32

msvcp60

imm32

wininet

msvfw32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 94KB

.rsrc Size: 1KB - Virtual size: 1KB

.vmp0 Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 89KB

.vmp2 Size: 176KB - Virtual size: 175KB

.reloc Size: 512B - Virtual size: 116B

.text
Size: - Virtual size: 94KB

.rsrc
Size: 1KB - Virtual size: 1KB

.vmp0
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 89KB

.vmp2
Size: 176KB - Virtual size: 175KB

.reloc
Size: 512B - Virtual size: 116B