fd2cb99607ffbb8f9f1d429a7fd2ac89_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd2cb99607ffbb8f9f1d429a7fd2ac89_JaffaCakes118
Size

11.3MB
MD5

fd2cb99607ffbb8f9f1d429a7fd2ac89
SHA1

2a905ceab6906fa566271c72fa8a1c4d90343139
SHA256

f5a2a4c707d363b5433f696d1c4b3e7bacd28525273380fe0ca829c13cfd9b61
SHA512

1c2fbed606b407f95fb6e9fb70a1615b62dbebfa8cb39b55f26e2a423f74270951ba098d65b98ad14e7d4340b7375493b9bc760fa6d9a4a00215d95ce75172fe
SSDEEP

196608:t8mpbCb+/MOarKodWXIRcNyge37maF2N3ABW8W+OGoLrLwm+14+T1US4cqFhIhgk:3pbc+42owXCh37Rm3N8hoLIXJTajjYLB

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/cheat.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cheat.exe

Files

fd2cb99607ffbb8f9f1d429a7fd2ac89_JaffaCakes118
.rar
CSCFG.ru.url
.url
cheat.exe
.exe windows:6 windows x86 arch:x86

fa9919de22dd9c2d771474bba4e606ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CloseClipboard
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shell32

SHGetFolderPathA

imm32

ImmGetContext

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

ole32

CoUninitialize

advapi32

RegOpenKeyExW

shlwapi

SHDeleteKeyW

wtsapi32

WTSSendMessageW

Exports

Exports

??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
??0HostRuntime@asmjit@@QAE@XZ
??0JitRuntime@asmjit@@QAE@XZ
??0Runtime@asmjit@@QAE@XZ
??0StaticRuntime@asmjit@@QAE@PAXI@Z
??0VMemMgr@asmjit@@QAE@PAX@Z
??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
??0Zone@asmjit@@QAE@I@Z
??1Assembler@asmjit@@UAE@XZ
??1CodeGen@asmjit@@UAE@XZ
??1HostRuntime@asmjit@@UAE@XZ
??1JitRuntime@asmjit@@UAE@XZ
??1Runtime@asmjit@@UAE@XZ
??1StaticRuntime@asmjit@@UAE@XZ
??1VMemMgr@asmjit@@QAE@XZ
??1X86Assembler@asmjit@@UAE@XZ
??1Zone@asmjit@@QAE@XZ
??_FVMemMgr@asmjit@@QAEXXZ
?_alloc@Zone@asmjit@@QAEPAXI@Z
?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z
?_grow@Assembler@asmjit@@QAEII@Z
?_grow@PodVectorBase@asmjit@@IAEIII@Z
?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z
?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z
?_reserve@Assembler@asmjit@@QAEII@Z
?_reserve@PodVectorBase@asmjit@@IAEIII@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UAEIII@Z
?alloc@VMemMgr@asmjit@@QAEPAXII@Z
?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z
?allocZeroed@Zone@asmjit@@QAEPAXI@Z
?bind@Assembler@asmjit@@UAEIABULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QAEPAXPBXI@Z
?embed@Assembler@asmjit@@UAEIPBXI@Z
?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z
?emit@Assembler@asmjit@@QAEII@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z
?emit@Assembler@asmjit@@QAEIIH@Z
?emit@Assembler@asmjit@@QAEII_K@Z
?flush@HostRuntime@asmjit@@UAEXPAXI@Z
?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SAIXZ
?getPageSize@VMemUtil@asmjit@@SAIXZ
?getStackAlignment@HostRuntime@asmjit@@UAEIXZ
?make@Assembler@asmjit@@UAEPAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UAEIPAX@Z
?release@StaticRuntime@asmjit@@UAEIPAX@Z
?release@VMemMgr@asmjit@@QAEIPAX@Z
?release@VMemUtil@asmjit@@SAIPAXI@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z
?relocCode@Assembler@asmjit@@QBEIPAX_K@Z
?reset@Assembler@asmjit@@QAEX_N@Z
?reset@PodVectorBase@asmjit@@QAEX_N@Z
?reset@VMemMgr@asmjit@@QAEXXZ
?reset@Zone@asmjit@@QAEX_N@Z
?sdup@Zone@asmjit@@QAEPADPBD@Z
?setArch@X86Assembler@asmjit@@QAEII@Z
?setError@CodeGen@asmjit@@QAEIIPBD@Z
?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QAAPADPBDZZ
?shrink@VMemMgr@asmjit@@QAEIPAXI@Z
?x86RegData@asmjit@@3UX86RegData@1@B
xMwz*~� }}��: ��U��̥�>j��Ӹ��xK{�O2�oSa��T��$v ��|��U!��J�0+U ��4=�i�5��F��0a�E�7�ч�|�QmǟP��:��ICi��/��5��a�� kAL��E�G�;�\|!uGD3�kJGϦHIH�(>��"Zhq��/j��P_�Ⱦ�Qm1!k��cau}q>�3U��7�,C��*�q��J1��&�`6kf�!��+mƦO벫�l��xy��3UG��o��n��q�Ĺļ��#c��`��a�y�~.M"_��N��=Z��ڪ��F��t��"�\`db[)+��I�'�0Q�*��B��Ϩ�Ѥ��f�wxVo��N��2�-@�ɏ��k��c��}�g%��C�l�jO@v�R�P��u�u��n'�%�M�%��"I��r��2�22^L��m�_l��| ��D�sx�f��!�s~�F�4��,H{g��7b��Z��e<l;h+v��t�,�S�2�#p��z�An&j�>��?�v��޴��ޕ7+%ar�n��`f��1zg��0`TfZp�3��9��-��5FS+� KP��ee�~��ؙ�.�SS�~"<Pb�XAW�)��V]cY��*So�z>�3��H͎/�L!�k�� RDrI�С�[�dM�-F��K��o�Dd��,=PJg��D��g�k��/�t2s��o�g��پ+\P[�u��z ��| �J�\�1* �n`��{�+<Rn�)�XW&�HP��Ȥ#=|��s��:B`��_NC��P�ʇ��)}vB��kX|��I��I�]��qn��/��"��wS��g��EŠ'��~�d�� |��+R끞�j�u'��!�x��)f�(��$�� y!��Q�ps�6(sX�I#�%?��)��X��9�0��fFܔ�h. "�-�ҋC֊.�'�V��f�_�!V7-��{ϑ�3v��K��Ar ^��O�x�a|��vF`��BCL� q~��C��4�E��!��m[J *�jMD�n��3{�<g��dUkl��m;ea��&��=,Ų��mИ�!��׆D��ݲ�S(�� J)pݮ��-�^�k��,n�FQm�p��Qhu��V�,g��Ly��̅*̏�\��A%�� ɘ�b�4��n��J٠��:=E�KJ�� %l��w�׹eZ��%<�Fߵ7��Rʐ��}��1*3��ˇ$r&��H�|��R�/ޖ�0*ٌyq�8L�2�Tf0��dN�{T*h�i�~Ŝ� #= ]g�u2NVj&��J�he��.�(�P_P�Z�� T��T�uXlM wn.��|��A�W�[��1��Ԇy�Y�+ǁ��$�6�' �u�8��p#�{c��H��]��Wb܌��}{��)��}��^Y�3K��X9,��U i��쒕Hn� ��t��+��;��U�grj�|�kN��fV3��A�W#��&�OP�B��rmCe��;-(T&�O{�~Nu+��l[��Β߬��Ѕ��[�2�jR � c[/:��7֧�P.S-��<��]��'��vwz��0��ӑ� ;��q�N4��'��_��S��w?�Uْ�oB�N��"��Et��( ��1�N+��|��eH�ֺ�$��б�3��Hp�ͽJ�p a��af=��Ϭ�Ξ}�#�zhK�N��ҧ� ��W�#g��##�đ;�*'}��ʡ��C�=�.9��Ѯ��\<$-�>��5j|��K�T��N�p��6�jh�"�tͼB6��=2��8��\uƀq�\��E0T� �\�� ioէ�E��p>\��1h�<��J-m�q�` �G��?�|n��ș��,n�:��\��!��pv0�4�� A:��ua(�]J�R�j�e�R�-��:��B[��D��V��jF��0��Y�襚Q<��5��E��H郲ܹ�2��@�)��[�(f��k ��4vP�|B�C�B;R�,�D�1beZ��eO�� '��y�)��h�_��,�4 ��l�ҒS��O)RZ S�Ⴢ�؞��"�{�h}�l��Y��)H�DciW��1��YCH�yn��$�� #L�ԕF�|J8e?k؟�j��y��?��1��+�q��;�H��;��{��A��I'c'��-3�>�sS؝��X9��!<�S�-4��X�Q�r1��ppt�۴q��5D��I�$�(ᛨ�r�eX~ ��D��"P�O�h�U7<��K�dL�P^?؇��^8~~Qʈ�ށkQ�_&~�b��1�6 �r,�Z-��d��|��:�p�T��CtD � U�X�JrR��4��|��ʍiq��%��׮�4ݐ��&�\ �˧��g�SA8�0%U��Pd��F2�1��+)2b3�3�}I�I�ڈ[�DV�]R3/�m��O=�k��ce��+�o4R��P�fpxT}��$b�núh�� ڔ�nQ��ב�^!��n��;��/3!��V�f��h�ɨQ�ێt��O��6�Gh�ؙ�e�B�/|��w��tG�tVXU��+�~~��_Ѣ/9Guo� g� D��x�\MQ�\��M��+��:)]��^18��T��IVG��$�y�[��Ucͤ&h�~m�B=B�s��L�a_ca�,T��(PqQ�B4��3�9�XF�7�2{h-P�}5A�VV��W��S%��6�K�ָ�*��<��[��/��{�#��;�T�W��C�mw�$��ʡ:4�{�h�m��<|t@֯��s�GtG��9`z��׿0��E�=7�rDQc��w��Ck�9i򺁳ߪ,4��$��@��w�29qyA��.t�G�U,�맟�Ac

Sections

.text
Size: - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Прочитай!.txt

Sharing

General

Malware Config

Signatures

Files

fa9919de22dd9c2d771474bba4e606ae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

imm32

d3d9

d3dx9_43

ole32

advapi32

shlwapi

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 526KB

.rdata Size: - Virtual size: 148KB

.data Size: - Virtual size: 5.9MB

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 11.4MB - Virtual size: 11.4MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 526KB

.rdata
Size: - Virtual size: 148KB

.data
Size: - Virtual size: 5.9MB

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 11.4MB - Virtual size: 11.4MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B