0584d49c2f2ce421b2c1b4dfd9cdb45c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0584d49c2f2ce421b2c1b4dfd9cdb45c_JaffaCakes118
Size

1.1MB
MD5

0584d49c2f2ce421b2c1b4dfd9cdb45c
SHA1

28b9f19175e8dc2ca8fc78338454022da08a904c
SHA256

aa5a3f0e70a2770944c4ad983eff84789b976244879379fc5fa366b774969639
SHA512

f801a91d6296d5c73db92e91e798a94066b541889087f727222129c1fd49e51b6aeb4fb691625f876e8b886814ca239b59421164f05e73d39f0b7a16ca3328e4
SSDEEP

24576:JEgb/iERYL03afWBAV0tC+rD3HkryYKeG88UUW4OdR1cdtl5mKENNegTVZM:JEgb3k0U+tC+n3EpKIXAtjmKED9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0584d49c2f2ce421b2c1b4dfd9cdb45c_JaffaCakes118

Files

0584d49c2f2ce421b2c1b4dfd9cdb45c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc94c8c1f89f5ed965eb976e6490b6d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

rasapi32

RasHangUpA

user32

GetCursorPos
MessageBoxA

gdi32

SetBkMode

winmm

waveOutUnprepareHeader

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CLSIDFromString

oleaut32

UnRegisterTypeLi

comctl32

ord17

ws2_32

WSACleanup

wininet

HttpOpenRequestA

comdlg32

ChooseColorA

Sections

.textbss
Size: - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc94c8c1f89f5ed965eb976e6490b6d8

Headers

File Characteristics

Imports

kernel32

rasapi32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wininet

comdlg32

Sections

.textbss Size: - Virtual size: 941KB

.text Size: 8KB - Virtual size: 8KB

.data Size: 1.1MB - Virtual size: 1.1MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.vmp0 Size: 20KB - Virtual size: 16KB

.vmp1 Size: 40KB - Virtual size: 39KB

.textbss
Size: - Virtual size: 941KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 1.1MB - Virtual size: 1.1MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.vmp0
Size: 20KB - Virtual size: 16KB

.vmp1
Size: 40KB - Virtual size: 39KB