fded0b212a35644ad9cb701ec4ba9789_JaffaCakes118

General

Target

fded0b212a35644ad9cb701ec4ba9789_JaffaCakes118
Size

89KB
MD5

fded0b212a35644ad9cb701ec4ba9789
SHA1

536de44738c40e72cd4323577771427131278b74
SHA256

0b2c0b89540415995c28de413e0d753a7b0afe3127b24925b04cb0fd33429268
SHA512

7d674c94196f476a129f421792b65b02c5afb19c59c4d26476fb8532ee159517d95cd9b033389f2c2a8696010f7a6fcde5df94f860b47d64658d04b1cc554c60
SSDEEP

1536:+o1ao9pLnQ36yLMTiufgcQupIluWH6O0JriQyzuyuzPRhM1BJWr5E+6Jbt+0oyr:+o1vzn6LsiUzKlR6O0JriQygM1BIr5WR

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fded0b212a35644ad9cb701ec4ba9789_JaffaCakes118

Files

fded0b212a35644ad9cb701ec4ba9789_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4ee0ddce0bb50c427eef3d3a6b4df0f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
ExitProcess
SizeofResource
LockResource
LoadResource
FindResourceA
lstrcpyA
lstrlenA
lstrcmpiA
SetLastError
GetLastError
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
Process32First
CreateToolhelp32Snapshot
GetTempPathA
GetLocalTime
SetUnhandledExceptionFilter
Sleep
GetCommandLineA
SetFileAttributesA
CreateDirectoryA
GetSystemDirectoryA
GetCurrentThreadId
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
ExitProcess

msvcrt

_CxxThrowException
_except_handler3
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler
strchr
??2@YAPAXI@Z
fopen
fwrite
strtok
fclose
_strrev
_stricmp

user32

MessageBoxA

Sections

Avira
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ee0ddce0bb50c427eef3d3a6b4df0f7

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

Avira Size: - Virtual size: 2KB

.text Size: - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 68KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 79KB - Virtual size: 79KB

.reloc Size: 512B - Virtual size: 64B

Avira
Size: - Virtual size: 2KB

.text
Size: - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 68KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 79KB - Virtual size: 79KB

.reloc
Size: 512B - Virtual size: 64B