f59f4591eddd6183f34cf2ddf3eff6b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f59f4591eddd6183f34cf2ddf3eff6b2_JaffaCakes118
Size

836KB
MD5

f59f4591eddd6183f34cf2ddf3eff6b2
SHA1

427880296080bb434a68095e185999f4655dbbe0
SHA256

440b04d87ca4bab8b5841a4d20a08e717c9f188d9abbae3d61f7cce297a27509
SHA512

7d7a47761af7f77aed0aa1d0729baad3a9a9fa6be8a0d426cf16de6f2920f3203e6b45e9a6dc72e9e2230c014e62cdbded863e7325b20ce4102286af704e36c3
SSDEEP

12288:pGKwsT2xBn9Uop0grWVihga20Gy6FqfLp4BeUF356dgTK/rAD4Cl//SAV9EsV:NTgUop02ey6F4L292nu4q/hV9X

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f59f4591eddd6183f34cf2ddf3eff6b2_JaffaCakes118

Files

f59f4591eddd6183f34cf2ddf3eff6b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

57aa88de6cb61ed6b1288892e8caddd7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetScrollPos

gdi32

LPtoDP

winmm

midiStreamOut

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

LoadTypeLi

comctl32

ord17

ws2_32

WSACleanup

comdlg32

GetOpenFileNameA

Exports

Exports

_???��3��D��

Sections

.text
Size: - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 820KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57aa88de6cb61ed6b1288892e8caddd7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 501KB

.rdata Size: - Virtual size: 81KB

.data Size: - Virtual size: 133KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 65KB

.vmp1 Size: - Virtual size: 488KB

.vmp2 Size: 820KB - Virtual size: 819KB

.reloc Size: 4KB - Virtual size: 184B

.text
Size: - Virtual size: 501KB

.rdata
Size: - Virtual size: 81KB

.data
Size: - Virtual size: 133KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 65KB

.vmp1
Size: - Virtual size: 488KB

.vmp2
Size: 820KB - Virtual size: 819KB

.reloc
Size: 4KB - Virtual size: 184B