Behavioral task
behavioral1
Sample
DNFSM0703版.vmp/DNFSM0703版.vmp.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
DNFSM0703版.vmp/DNFSM0703版.vmp.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
DNFSM0703版.vmp/官方网站.url
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
DNFSM0703版.vmp/官方网站.url
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
DNFSM0703版.vmp/帮助.url
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
DNFSM0703版.vmp/帮助.url
Resource
win10v2004-20240802-en
General
Target
fb2087dd1e33ce0b74560c3cf7a383bf_JaffaCakes118
Size
2.3MB
MD5
fb2087dd1e33ce0b74560c3cf7a383bf
SHA1
b00f743cdfc1ac6c39aa6f688c84aa586271aafd
SHA256
158066842fe8875645aba163319a9042630bc90ab7ee1a0d0d9e3945bb6d8175
SHA512
e93b39fc8a2968ac5f436ed80a7d23d0cd8495ae817e556e8e77f0fdf100ff36f7b867c5f3fba2ad2fbee85f30e9494106a8dabf1e0e9001a2c15bb44610a30f
SSDEEP
49152:wlHIgVAYUmiaBfp73lOX8KeiszIpVKCOuY4jb1C4VhnBRPJd:wZIgVAYfBpbIFvsk+COYjb1TnRxd
Malware Config
Signatures
resource yara_rule static1/unpack001/DNFSM0703版.vmp/DNFSM0703版.vmp.exe vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/DNFSM0703版.vmp/DNFSM0703版.vmp.exe
Files
fb2087dd1e33ce0b74560c3cf7a383bf_JaffaCakes118.zip
DNFSM0703版.vmp/DNFSM0703版.vmp.exe.exe windows:4 windows x86 arch:x86
1055b378355d9bfa7c24591eb4f9a01c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
waveOutReset
ws2_32
recv
rasapi32
RasGetConnectStatusA
kernel32
GetVolumeInformationA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess
user32
DrawFocusRect
gdi32
GetBkMode
winspool.drv
DocumentPropertiesA
advapi32
RegSetValueExA
shell32
SHGetSpecialFolderPathA
ole32
OleInitialize
oleaut32
UnRegisterTypeLi
comctl32
ord17
oledlg
ord8
wininet
InternetOpenA
comdlg32
GetFileTitleA
Sections
.text Size: - Virtual size: 521KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 316KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 718KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 4KB - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DNFSM0703版.vmp/下载说明.txt
DNFSM0703版.vmp/使用说明(必看).txt
DNFSM0703版.vmp/官方网站.url.url
DNFSM0703版.vmp/帮助.url.url
DNFSM0703版.vmp/推荐代码大全.txt