Behavioral task: behavioral1
Sample: ff84d0d8999af40151ba547b9f536409_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: ff84d0d8999af40151ba547b9f536409_JaffaCakes118
Size: 3.7MB
MD5: ff84d0d8999af40151ba547b9f536409
SHA1: 4499a32072d3b4b0692cf037d938e409d98333cf
SHA256: 85a5931a4486919dfa1e6cc98bd5698971c5ba1dd3885259bc5d4ce2b9551ec3
SHA512: 83e4e01065dcbca6013f05624654b6739950d903499298524e6d92e7480e8966ce3b7717d9d956e136a2a330c8d1461b45f7f7e8a36cd7b349fe07bbc45a0644
SSDEEP: 98304:7d1ZPYgO+Y+raWhAPo8XBOWdZaf+0zefXeT:7LZdraqLQZaPk
Malware Config
Signatures
yara_rule: vmprotect (resource: sample)
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: ff84d0d8999af40151ba547b9f536409_JaffaCakes118
Files
ff84d0d8999af40151ba547b9f536409_JaffaCakes118.exe windows:5 windows x86 arch:x86
5b0b31a20a4dd2dfd2bd616739ed825c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetCurrentDirectoryA
FreeEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
CreateFileA
GetACP
GetOEMCP
SetEnvironmentVariableA
GetDriveTypeA
FreeEnvironmentStringsA
UnhandledExceptionFilter
FindResourceA
GlobalAddAtomA
GetProfileStringA
InterlockedExchange
HeapSize
GetFileType
SetStdHandle
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitThread
RaiseException
HeapReAlloc
HeapFree
HeapAlloc
RtlUnwind
GetStartupInfoW
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceExW
GetCurrentDirectoryW
GlobalFlags
FindNextFileW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetVolumeInformationW
UnlockFile
LockFile
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProfileIntW
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetProcessVersion
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetFullPathNameW
GetTempFileNameW
GetFileAttributesW
SuspendThread
GlobalFree
lstrcmpW
lstrcmpA
lstrcmpiA
GetCurrentThread
GlobalGetAtomNameW
InterlockedDecrement
InterlockedIncrement
MulDiv
SetLastError
GetModuleHandleA
LoadLibraryA
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
lstrlenA
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
LoadResource
LockResource
SetCurrentDirectoryW
CreateProcessW
TerminateProcess
GetExitCodeProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
SetThreadPriority
GetWindowsDirectoryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
TerminateThread
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
GetFileSize
CreateFileW
MultiByteToWideChar
GetTempPathW
CreateDirectoryW
FindFirstFileW
FindResourceW
FindClose
GetLongPathNameW
GetShortPathNameW
GetCurrentProcess
GetLocaleInfoW
GetNumberFormatW
GetLastError
LocalFree
MoveFileW
DeleteFileW
Sleep
CloseHandle
CreateEventW
CreateThread
WaitForMultipleObjects
SetEvent
GetDriveTypeW
WaitForSingleObject
ResumeThread
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryW
GetCurrentThreadId
GetVersionExW
lstrcpynW
GetTickCount
lstrlenW
WideCharToMultiByte
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
CharUpperW
GetClassNameW
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItemInt
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetScrollRange
GetScrollPos
GetTopWindow
MessageBoxW
IsChild
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
SetWindowPlacement
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
DestroyWindow
CreateWindowExW
DefWindowProcW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SystemParametersInfoW
GetWindowPlacement
SetWindowPos
CheckMenuItem
GetMenu
SetMenu
IsIconic
FindWindowW
ExitWindowsEx
DestroyIcon
PeekMessageW
IsWindowUnicode
GetMessageW
TranslateMessage
DispatchMessageW
InsertMenuW
DrawIconEx
FrameRect
FillRect
RemovePropW
GetPropW
SetPropW
GetMenuItemID
GetMenuDefaultItem
GetDCEx
EndDeferWindowPos
AppendMenuW
CreatePopupMenu
GetSystemMenu
RedrawWindow
GetWindowLongW
SetWindowLongW
CallWindowProcW
IntersectRect
CallNextHookEx
keybd_event
SetWindowsHookExW
TrackPopupMenuEx
UnhookWindowsHookEx
GetMenuStringW
GetMenuItemCount
WindowFromPoint
DestroyMenu
GetWindow
PostMessageW
TrackPopupMenu
GetParent
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
SetRect
OffsetRect
ReleaseCapture
GetCapture
SetCapture
GetFocus
IsWindowEnabled
SetFocus
RegisterWindowMessageW
GetDC
ReleaseDC
DrawFocusRect
GetSysColor
SetCursor
LoadIconW
KillTimer
SetTimer
SetParent
SetMenuDefaultItem
GetSysColorBrush
ValidateRect
ShowOwnedPopups
wvsprintfW
MapDialogRect
GetAsyncKeyState
LoadStringW
EndDialog
CreateDialogIndirectParamW
PostQuitMessage
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
GetActiveWindow
CheckMenuRadioItem
GetCursorPos
GetKeyState
DeleteMenu
ScreenToClient
GrayStringW
DrawTextW
TabbedTextOutW
UpdateWindow
PtInRect
CopyRect
InvalidateRect
LockWindowUpdate
GetSystemMetrics
InflateRect
IsWindowVisible
GetWindowRect
LoadMenuW
ClientToScreen
GetSubMenu
SetActiveWindow
SetForegroundWindow
SendMessageW
DestroyCursor
LoadBitmapW
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
GetDesktopWindow
TranslateAcceleratorW
LoadAcceleratorsW
CharNextA
CallWindowProcA
RemovePropA
SetRectEmpty
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
EnableMenuItem
GetNextDlgTabItem
ShowWindow
BeginDeferWindowPos
MoveWindow
SetWindowsHookExA
GetWindowLongA
SendMessageA
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
GetClientRect
IsWindow
EnableWindow
LoadCursorW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
IntersectClipRect
GetDeviceCaps
CreatePen
CreatePatternBrush
SetRectRgn
GetTextMetricsW
EnumFontFamiliesExW
CreateRectRgn
CombineRgn
SetTextColor
SetBkMode
CreateBitmap
SetBkColor
SaveDC
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
StretchDIBits
SetDIBitsToDevice
RestoreDC
CreateDIBSection
DeleteDC
PatBlt
SelectObject
DeleteObject
CreateSolidBrush
GetBkMode
GetBkColor
GetTextExtentPoint32W
GetTextColor
BitBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
GetObjectW
CreateDIBitmap
ExtTextOutA
GetTextExtentPointA
CreateFontIndirectW
comdlg32
GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
RegCloseKey
RegQueryValueW
RegSetValueExW
RegCreateKeyW
RegSetValueW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
shell32
SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
ExtractIconW
SHGetSpecialFolderPathW
DragQueryFileW
SHGetSpecialFolderLocation
DragFinish
DragAcceptFiles
comctl32
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_BeginDrag
ImageList_Draw
ImageList_AddMasked
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_EndDrag
ord17
ImageList_Destroy
ImageList_Create
ImageList_DrawIndirect
PropertySheetW
DestroyPropertySheetPage
ImageList_ReplaceIcon
CreatePropertySheetPageW
ole32
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
oleaut32
SysFreeString
SysAllocString
winmm
timeKillEvent
timeSetEvent
shlwapi
PathFindExtensionW
PathFileExistsW
PathIsDirectoryW
PathMakePrettyW
PathFindFileNameW
PathRenameExtensionW
PathRemoveFileSpecW
PathIsURLW
wininet
InternetOpenW
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFile
InternetGetConnectedState
InternetCloseHandle
InternetCrackUrlW
Sections
.text Size: - Virtual size: 852KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 164KB - Virtual size: 411KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ