03e3efc8f4c8672e33e4a4e6f708687f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

03e3efc8f4c8672e33e4a4e6f708687f_JaffaCakes118
Size

532KB
MD5

03e3efc8f4c8672e33e4a4e6f708687f
SHA1

355bf6490fd59d0fc8c398eb5cc338f7b599287d
SHA256

88d4329a41623deb7fe25d6009e3a0405897272bd676eeda32ec5b5fb648dd6e
SHA512

e973c435214ed9d5b0f1aff91b24d53803ab412bb5f2bf2af135608089e3e591adae1ad02abc5df1cf55e226b3524563bcbdf88d1dddd3677f080e127c564d46
SSDEEP

12288:7lhji6zuyUD3XCgI6Cm9TrlRppICzpuCjpQ9OVP9KmlW:7lhmCuyk3XZRoC8CYON9fc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03e3efc8f4c8672e33e4a4e6f708687f_JaffaCakes118

Files

03e3efc8f4c8672e33e4a4e6f708687f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

32493e64d1b3e087d68b94f498ff5ddb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrRetToBufA

ole32

CoCreateInstance

shell32

SHGetMalloc

kernel32

FindNextFileW
GetModuleHandleA
GetProcAddress
VirtualProtect

msvcp80

?uncaught_exception@std@@YA_NXZ

msvcr80

_vsnprintf_s

ws2_32

WSAAsyncSelect

user32

FindWindowA

advapi32

RegQueryValueExA

Exports

Exports

??0smss@@QAE@XZ
??1smss@@QAE@XZ
??4smss@@QAEAAV0@ABV0@@Z
?rsacnReslut@@YAXXZ
scanMiddle
scanbegin

Sections

.text
Size: - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 520KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32493e64d1b3e087d68b94f498ff5ddb

Headers

File Characteristics

Imports

shlwapi

ole32

shell32

kernel32

msvcp80

msvcr80

ws2_32

user32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 666KB

.rdata Size: - Virtual size: 400KB

.data Size: - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 428B

.vmp0 Size: - Virtual size: 48KB

.vmp1 Size: - Virtual size: 36KB

.vmp2 Size: 520KB - Virtual size: 516KB

.reloc Size: 4KB - Virtual size: 136B

.text
Size: - Virtual size: 666KB

.rdata
Size: - Virtual size: 400KB

.data
Size: - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 428B

.vmp0
Size: - Virtual size: 48KB

.vmp1
Size: - Virtual size: 36KB

.vmp2
Size: 520KB - Virtual size: 516KB

.reloc
Size: 4KB - Virtual size: 136B