ff4abc9c55cab5bbe7d891ed4c7391e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff4abc9c55cab5bbe7d891ed4c7391e0_JaffaCakes118
Size

781KB
MD5

ff4abc9c55cab5bbe7d891ed4c7391e0
SHA1

b6f16fc49cbf6896c3aebf8430759e7b92d70034
SHA256

a848e9ca1c10ec01de6ab56b36ac5c15aab8a5d7cddd832f15345843908ece17
SHA512

18586b2038d9556a0de60cdb29f50c954b1065118aeca4b0e47d677b294f85dc4eb0451a18fdb682e711c85a777dbb8014dcd053539091d1ca1d4470fc9b8212
SSDEEP

12288:uUMLWpHVqjPnu9KQqa3KsFooNV+jJU/qXOYcfEuivvgB2i9:AWBVkaKQq07SjJU/njMxm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff4abc9c55cab5bbe7d891ed4c7391e0_JaffaCakes118

Files

ff4abc9c55cab5bbe7d891ed4c7391e0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

67cbf01b1063dc3f5d20ef1e71a8c5e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutClose
waveInReset
waveInUnprepareHeader
waveInClose
PlaySoundA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveInStop

kernel32

SystemTimeToFileTime
SetErrorMode
GetCurrentDirectoryA
GetProfileStringA
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
TerminateProcess
ExitThread
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
DeleteFileA
LockResource
SizeofResource
LoadResource
FindResourceA
GetTempPathA
CopyFileA
GetSystemDirectoryA
GetComputerNameA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
ExitProcess
GetTickCount
GetFileAttributesA
GetDiskFreeSpaceExA
GetVolumeInformationA
lstrlenA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
ReadFile
RemoveDirectoryA
MoveFileA
GetLastError
CreateDirectoryA
lstrcpyA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
InitializeCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
EnterCriticalSection
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CancelIo
DeleteCriticalSection
lstrcatA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
LocalSize
FreeLibrary
GetVersionExA
GetVersion
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
SetLastError
MulDiv
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
lstrcmpA
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
VirtualProtect
ExitProcess

user32

GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsWindow
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextA
GetMenuState
ShowScrollBar
DrawIconEx
IntersectRect
CheckMenuRadioItem
SetClassLongA
SetForegroundWindow
LoadBitmapA
GetSystemMenu
AppendMenuA
CheckMenuItem
MessageBeep
GetSystemMetrics
DrawEdge
RedrawWindow
GetDesktopWindow
SetMenu
CharNextA
DeleteMenu
EndDeferWindowPos
EnableMenuItem
SetScrollInfo
GetFocus
MessageBoxA
wsprintfA
GetDlgCtrlID
SetWindowPos
IsWindowVisible
UpdateWindow
ScreenToClient
GetWindow
CopyIcon
PtInRect
KillTimer
GetKeyState
ReleaseCapture
SetCapture
SetTimer
SetRectEmpty
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
SetFocus
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
DrawFrameControl
GetCursor
GetClassInfoA
DefWindowProcA
LoadCursorA
FrameRect
LoadMenuA
LoadImageA
GetIconInfo
GetDC
ReleaseDC
GetSysColor
FillRect
DrawStateA
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
GetWindowLongA
DestroyIcon
DestroyCursor
DestroyMenu
SetRect
EnableWindow
SendMessageA
LoadIconA
GetMessageA
GetScrollInfo
GetCursorPos
ScrollWindow
TranslateAcceleratorA
TranslateMessage
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ValidateRect
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
LoadStringA
CharUpperA
PostThreadMessageA
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
InvertRect
GetNextDlgGroupItem
CopyAcceleratorTableA
GetSysColorBrush
GetClassNameA
SetParent
BringWindowToTop
UnpackDDElParam
GetMenuItemCount
ReuseDDElParam
ShowOwnedPopups
PostQuitMessage
IsZoomed
IsRectEmpty
SystemParametersInfoA
FindWindowA
DispatchMessageA
IsWindowUnicode
DefDlgProcA
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA

gdi32

GetTextExtentPointA
GetBkColor
GetTextColor
CreateFontA
GetCharWidthA
GetTextMetricsA
LPtoDP
DPtoLP
CreateRectRgnIndirect
CombineRgn
SetRectRgn
PatBlt
GetMapMode
Escape
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateRectRgn
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
GetClipBox
CreatePen
RoundRect
SetBkMode
TextOutA
CreateSolidBrush
ExtTextOutA
StretchDIBits
CreateDIBSection
GetTextExtentPoint32A
SetPixelV
StretchBlt
PtInRegion
CreateFontIndirectA
Rectangle
PlgBlt
FillRgn
CreatePolygonRgn
GetObjectA
GetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
DeleteObject
CreateDIBitmap

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
GetFileSecurityA
SetFileSecurityA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegSetValueA

shell32

ShellExecuteA
ShellExecuteExA
DragQueryFileA
DragFinish
Shell_NotifyIconA
ExtractIconA
ord71
SHGetFileInfoA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
CoGetClassObject
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear

shlwapi

SHAutoComplete
PathRemoveFileSpecA

ws2_32

WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSAIoctl
WSAEventSelect
htons
bind
listen
WSACleanup
WSAStartup
closesocket
getpeername
inet_ntoa
ioctlsocket
connect
select
send
recv
gethostname
gethostbyname
WSACloseEvent
WSASend
WSARecv
socket
accept
WSAGetLastError
setsockopt
WSACreateEvent

pdh

PdhOpenQueryA
PdhAddCounterA
PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData

avifil32

AVIStreamRelease
AVIFileRelease
AVIStreamWrite
AVIFileInit
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileExit

msvfw32

DrawDibClose
ICDecompress
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
DrawDibDraw
DrawDibOpen

skinppwtl

ord3
ord2

Sections

.text
Size: - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 330KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67cbf01b1063dc3f5d20ef1e71a8c5e6

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

shlwapi

ws2_32

pdh

avifil32

msvfw32

skinppwtl

Sections

.text Size: - Virtual size: 525KB

.rsrc Size: 330KB - Virtual size: 553KB

.vmp0 Size: - Virtual size: 9KB

.vmp1 Size: 449KB - Virtual size: 448KB

.reloc Size: 512B - Virtual size: 116B

.text
Size: - Virtual size: 525KB

.rsrc
Size: 330KB - Virtual size: 553KB

.vmp0
Size: - Virtual size: 9KB

.vmp1
Size: 449KB - Virtual size: 448KB

.reloc
Size: 512B - Virtual size: 116B