fc650a1292ade32e41d3fdc2fb7dd3f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc650a1292ade32e41d3fdc2fb7dd3f3_JaffaCakes118
Size

124KB
MD5

fc650a1292ade32e41d3fdc2fb7dd3f3
SHA1

d13c28de3fa9ca7765b45e363f782b16702602e0
SHA256

58c39df99155017592abf60ec5a80a339f233bf1eb5dcf2ecf4a5b336cc56e58
SHA512

8f72fdb705819cb2335ce5408eb41b67ae87c2f4390d3866c85156e1e534e5d04c79d0eeca5d574464ccec1c6d809edba892eda6bf7eaf49d369ae0e872fa6e6
SSDEEP

3072:EbEDkJLdCb8BWQjzctLffJpmRAgdO+nLEDgMGNXopnbJ:EiSLdj02MLfhpmRtz4Dx7dJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

fc650a1292ade32e41d3fdc2fb7dd3f3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

40a3ff7eb042bc3baa2fa53d526db82a

Code Sign

27:37:89:89:dd:16:b0:5a:ee:2c:c4:48:c7:0c:ed:70
Certificate

Issuer

CN=Root SGC Authority

Not Before

16/07/1999, 19:47

Not After

16/07/2004, 19:47

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Extended Key Usages

ExtKeyUsageMicrosoftServerGatedCrypto
ExtKeyUsageNetscapeServerGatedCrypto

27:a4:33:ca:2f:e7:67:b6:5e:b9:6e:43:04:c9:2e:53
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/06/2013, 00:00

Not After

27/07/2014, 23:59

Subject

CN=Neoact Co.\, Ltd.,O=Neoact Co.\, Ltd.,L=Guro-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c2:c1:1b:94:28:fd:06:21:4a:fc:e8:0f:7b:6c:f1:51:1a:57:24:21
Signer

Actual PE Digest

c2:c1:1b:94:28:fd:06:21:4a:fc:e8:0f:7b:6c:f1:51:1a:57:24:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA

advapi32

GetTokenInformation

shell32

CommandLineToArgvW

Exports

Exports

DiscpEstablishServiceLinkage
INIT_1
INIT_2
SvchostPushServiceGlobals
UsersRunDllW

Sections

.text
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40a3ff7eb042bc3baa2fa53d526db82a

Code Sign

27:37:89:89:dd:16:b0:5a:ee:2c:c4:48:c7:0c:ed:70Certificate

Extended Key Usages

27:a4:33:ca:2f:e7:67:b6:5e:b9:6e:43:04:c9:2e:53Certificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

c2:c1:1b:94:28:fd:06:21:4a:fc:e8:0f:7b:6c:f1:51:1a:57:24:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: - Virtual size: 28KB

.rdata Size: - Virtual size: 12KB

.data Size: - Virtual size: 6KB

.vmp0 Size: - Virtual size: 71KB

.vmp1 Size: 118KB - Virtual size: 117KB

.reloc Size: 512B - Virtual size: 164B

.rsrc Size: 512B - Virtual size: 434B

27:37:89:89:dd:16:b0:5a:ee:2c:c4:48:c7:0c:ed:70
Certificate

27:a4:33:ca:2f:e7:67:b6:5e:b9:6e:43:04:c9:2e:53
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

c2:c1:1b:94:28:fd:06:21:4a:fc:e8:0f:7b:6c:f1:51:1a:57:24:21
Signer

.text
Size: - Virtual size: 28KB

.rdata
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 6KB

.vmp0
Size: - Virtual size: 71KB

.vmp1
Size: 118KB - Virtual size: 117KB

.reloc
Size: 512B - Virtual size: 164B

.rsrc
Size: 512B - Virtual size: 434B