fff1c8e390c5ca1f3eb4c00329144671_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fff1c8e390c5ca1f3eb4c00329144671_JaffaCakes118
Size

806KB
MD5

fff1c8e390c5ca1f3eb4c00329144671
SHA1

ff1049ae688c433e6f0bbeb6c31eb0408be5eb6f
SHA256

5330c4adc8f0008180fba5651fcad0a5a56e2ddc2df663ac19dad96b8de7c466
SHA512

f32b25bfde454e6c828d0afbf93d9daccb2739eb3f4ffe8128e38d408fca60ade79b344e252dd0b1a3bca2665c31cfb9c720c64013bd9ad04f01dd7160bbcb5c
SSDEEP

12288:kSD2dPmgDB9310WYfFQ93kSaGc8Z9MJAmRZByntyZuLmRz5hCakB8q7CBM+uhHum:1i9nDv310etaaoJL7L2KkwCO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fff1c8e390c5ca1f3eb4c00329144671_JaffaCakes118

Files

fff1c8e390c5ca1f3eb4c00329144671_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3299a44750a560912acc672856478602

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
GetVersionExA
GetCommandLineA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
MoveFileA
GetFileSize
ReadFile
Sleep
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
FileTimeToSystemTime
GetTimeZoneInformation
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetLastError
EnterCriticalSection
lstrcpyA
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
DuplicateHandle
GetCurrentProcess
SetFilePointer
LocalFree
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
MultiByteToWideChar
GetFileAttributesA
GetFileTime
lstrcmpA
WaitForSingleObject
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
LCMapStringW
TerminateProcess
GetFileType
SetStdHandle
HeapSize
GetACP
GetLocalTime
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
lstrcpynA
Beep
GetCurrentThread
GetProcAddress
lstrcpyn
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateThread
GetSystemDirectoryA
CloseHandle
CreateFileA
WriteFile
LCMapStringA
RtlMoveMemory
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
LoadLibraryA
GetTempPathA
LocalAlloc
lstrcmpiA
GetCurrentThreadId
MapViewOfFile
OpenFileMappingA
FlushFileBuffers
GetModuleHandleA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

SetCursor
CopyImage
CopyIcon
SetTimer
GetAsyncKeyState
GetDesktopWindow
GetWindow
IsWindowVisible
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
ActivateKeyboardLayout
GetKeyboardLayout
SystemParametersInfoA
GetKeyboardLayoutList
UnloadKeyboardLayout
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
RegisterClassExA
GetClassInfoExA
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
SetWindowPos
MoveWindow
ScreenToClient
GetParent
UpdateWindow
ValidateRect
GetWindowRect
GetFocus
SetFocus
IsWindow
GetDlgItem
GetWindowLongA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
UnhookWindowsHookEx
SetWindowLongA
DestroyIcon
TrackMouseEvent
InvalidateRect
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
PtInRect
LoadCursorA
GetSysColorBrush
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
LoadIconA
MapWindowPoints
AdjustWindowRectEx
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetDlgCtrlID
GetMessagePos
GetWindowPlacement
GetLastActivePopup
LoadStringA
UnregisterClassA
CopyRect
GetKeyState
CharUpperA
GetMessageTime
DefMDIChildProcA
DestroyWindow
EndDialog
GetClientRect
DefWindowProcA
SendMessageA
EndPaint
BeginPaint
PostMessageA
GetForegroundWindow
CallWindowProcA
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
MessageBoxA

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
DeleteObject
GetObjectA
StretchBlt
CreateSolidBrush
CreateRoundRectRgn
GetDeviceCaps
PtVisible
CreatePatternBrush
TextOutA
ExtTextOutA
Escape
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
RectVisible

shell32

DragQueryFileA
DragFinish
Shell_NotifyIconA
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

atl

ord47
ord42

advapi32

RegEnumValueA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegFlushKey

msvcrt

free
malloc
sprintf
strtod
strncmp
??2@YAPAXI@Z
??3@YAXPAX@Z
atoi
_ftol
srand
rand
toupper
strrchr
_CIfmod
strncpy
modf
tolower
_strnicmp

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
SysAllocString
SafeArrayCreate
VarR8FromBool
VarR8FromCy
OleLoadPicture
SafeArrayDestroy

rasapi32

RasHangUpA
RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA
RasGetConnectStatusA
RasDialA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

send
WSAStartup
htons
gethostname
gethostbyname
WSASetLastError
socket
setsockopt
select
closesocket
ioctlsocket
recv
connect
WSACleanup

wininet

InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
FtpDeleteFileA
FtpRenameFileA
FtpPutFileA
FtpGetFileA
InternetFindNextFileA
FtpFindFirstFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA

Exports

Exports

o߆��:Q�to��U�>��[:(�C{��lf� �� =2�vn2{uM*��,�+:��]��_g��"mAu��6F�_F�%Ed�T̾X**��I��`��h��$��m��h�� ;�>Rk�}�V~-*j��ÞEN2�!�B��k"U��F�(.(D��1^Ϸ��K�^�:�7'[�V�[�S�� -�yd`�t��3��(�7^/��$�G� (`�29C��-��> 'w�WD{D�U�-�=�恄��v~}��jR�ē/��R�ù4�4�#�־�L!B�G��z�E8�0f�ÿ�3�g�� O��7ϴ<��i_g/��t�O~p� ��tI %{��6��*�<�_+��<זB�)3�ṳ,��?Wӱ��QM�g��X��0��:��.��V��2Pm�V�e? gy��,��U'�l�?�࿨��֨'�udI��T��T�@m f��U�.�Rd.�K��>@a��,Z��>��Q�;�$�]!�eill�9��H��y��l�R��9)f1Eك��/vK�%�>��ȷ�t"O�`�4��?2;}�Z�e#ق�Q ��ס,��a��H�К`N��k�wU��qY�nu�P��e��]��>d� v�a��vy��-~g��;�&X:��·��7�e��_Oz��1M��XhY� ��ѓ��z3D�L� ��v0��> <��50��I֖ۘ"��f?�Hk3�ӎ�֕�0}g/n�?��P��9b��Ɨ�"��<�;��఻�d�+;�A{��<��^ ��EN˒e�W�FU��3�-��>k]Gt��&[|�.~�W+�:�Z�V��m��ض�k�6%��`w;W�K� @�~�*�\y��=��HӠ��W@ �,�G��`�(��"}�֭x�?�a<��&1uF��Hy�Uu�Nf�V6��g]�^��ꝟ�8�7`z�A,yw4�[��G{e+& ��R��U�_��%�h�W- 9�rb�=SR{��I6��~�?vf8��6ȬoC�&�M�F��qф��e6�)��\��R};�gT¶1Q��HP�ֶ.m��x�p�IL��֩�v�^��5v�j��a�%�@v�@yNA�)%��9'�8L�3��͟ ��p��x 8q��B~��'C��z��/#N*��I|^xQ�x��P �i��ۤ�(�{��Ȯ��o0o��n۰�� (#݁|9��"k��I_��ն�&��FF.=6n�s �r0t�SN؂*�M-y�pR�G��^!��aR��E��o!� �A�!��R��ڝ>h)�K�/�a�(��և�obK";�-ʗ=��L}�%Y\ ��fwf��ڨJ��26�m��;?��k��r[\��G?t@��%�L��@_aB^��|�Q��FkU�u�́H&Dy��$bV��U��B��}��}+�}H��-��2��-� �wf�0��#��)_��[�1��H#�+& ��Lj�� |�+�T��@n�e��-�4�;��Azӗ��H��" F\��s��t�"��D�M��eO Lc�m��*g8��^�3�(��~'��:�jЍvb�^DN��5��x+��YW�זb�d�u�3�y�1Z4<(�G�Ӗ�E~Fw��_��h$��-��Y�?�� =szW�cXv��Q7�� 1��S�P�� Ҍ��\�m�c�[&��F�X�0��r�p#'<��s��L�Z�:>��N��/�ɧM{#��;~�9�_(q,<c�Y'!��ȺA+ؒ�L<4��% �[`P,��f��H��u�X`,��s�e��(G!��h��tЇ�Xϧ>��e�ك7V@H� �{͑�s�Jw�5�w��˓d�H��^�^c�@��Jc�;Mx��P�W6�s��17W��0�OĖ��co��%��ᥲ��cf*��或 1�m��S&��>��m��H�1 Ԝ,��؛��o��b*��ӫBq>P�<<��P!Z�I�IPEˮ�`IŴ1(�j�pXa��E��҇���8��Wܜ9�96_� e��g��__T?dʟ�S��\��5��&�d'E��Z�hѫ��QO��\��B�C봢�H��^�s%�� &�i�8� ��[i/�4�_��7)4��4��@Rc��'�/t��%��>V��Z�ױBu#�:dA��- )9�R�ߎ��]<�LvPQJ�TX1+�� p o�A'��+d`�plm�VND��R`OǞ�u�Dp��Qr��ߥ*L�� Ə�n\B�+��ߠ��.<i��}ř�B� U[�E/��{�gM��|�kμ��mgwa|�0��?��y�5��5^9��kbM�Գ�o��A�d�X1x�Z@�#�I�R�DMN��7��;_~�[ Φ��4��T�!N}�Ӥ�� 6,��yw�xQ&�-��~��{�5i6�f��n�f��T�� i��Q�bd��bAB��f��ժR2Dk�[��U�r��G�H��<��X�Qb��0��5mSHP��>��힔T&�oo��+��zd :"�puM��-�6(�K�ؑ)��cA$=钋� ��s��]�HJ�V��r�E�av.�}��(>�ڨ�Ts��3�G;�\�?��M��HPtK��{��sx>�� E�8,ox��$C�Y��eճ��ـ̴|Ѡm��?��冣8��)��UF�pq��s#: ��LG�@d'��3^P$ �/��s��$a��(��t�g8&��qv�ʋ�O��M<��@EK��F�W~3��tug�XϪaI��

Sections

.text
Size: - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 798KB - Virtual size: 798KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3299a44750a560912acc672856478602

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

atl

advapi32

msvcrt

ole32

oleaut32

rasapi32

comdlg32

winspool.drv

comctl32

wsock32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 203KB

.rdata Size: - Virtual size: 29KB

.data Size: - Virtual size: 792KB

.rsrc Size: 6KB - Virtual size: 5KB

.vmp0 Size: - Virtual size: 8KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 798KB - Virtual size: 798KB

.reloc Size: 512B - Virtual size: 148B

.text
Size: - Virtual size: 203KB

.rdata
Size: - Virtual size: 29KB

.data
Size: - Virtual size: 792KB

.rsrc
Size: 6KB - Virtual size: 5KB

.vmp0
Size: - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 798KB - Virtual size: 798KB

.reloc
Size: 512B - Virtual size: 148B