05ed6a368fa24834c65ea2d16247ecdd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05ed6a368fa24834c65ea2d16247ecdd_JaffaCakes118
Size

1.6MB
MD5

05ed6a368fa24834c65ea2d16247ecdd
SHA1

8cf419322becaf0132e2b2994bbced4a1e4e918e
SHA256

65b6c4306b2e279f3765fa83ad0df7a0e4bca0e00569677a8072f35dd4fa7d90
SHA512

fee31dd079b99ddad08ad0219f4b4b3372500929356f8fd74dfb74a250f14d6da9aa2a59bf4823894f370b8091d0dff6d83d9f9a9e5ba2c8e8d18f311d0941d7
SSDEEP

12288:5b8nqZLQ5k5aFU0w0G/+MWNdMBgq96Pt+k7pZ:5bqqZLQ5k5aFU0w0GmMWkGfPYk7

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05ed6a368fa24834c65ea2d16247ecdd_JaffaCakes118

Files

05ed6a368fa24834c65ea2d16247ecdd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5427077ae35b6609e06190db47a28bbd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord6215
ord4224
ord3803
ord755
ord470
ord2301
ord2289
ord5981
ord2642
ord3092
ord2379
ord665
ord5442
ord3318
ord5186
ord354
ord4275
ord3663
ord3619
ord3573
ord3626
ord2414
ord6172
ord6170
ord5789
ord5873
ord1641
ord4274
ord2086
ord6467
ord5943
ord1168
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord4353
ord4079
ord4698
ord5307
ord5714
ord4622
ord3738
ord815
ord561
ord5289
ord2575
ord4396
ord3574
ord609
ord1146
ord6366
ord2587
ord4406
ord3729
ord804
ord6197
ord6379
ord4267
ord3610
ord656
ord640
ord2405
ord1640
ord323
ord3496
ord6199
ord2862
ord2097
ord6905
ord3873
ord3716
ord790
ord2363
ord6741
ord6508
ord5802
ord6648
ord941
ord2614
ord2299
ord2297
ord537
ord3093
ord3721
ord795
ord6880
ord6374
ord5163
ord2385
ord5241
ord4398
ord1776
ord4078
ord6055
ord2578
ord4218
ord2023
ord2411
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord4998
ord4376
ord5265
ord3640
ord3370
ord4402
ord2582
ord540
ord2818
ord2915
ord800
ord825
ord1771
ord2645
ord2362
ord2294
ord6334
ord3874
ord3998
ord4853
ord3302
ord4710
ord4234
ord2302
ord2370
ord324
ord567
ord384
ord860
ord641
ord616
ord693
ord686
ord3582
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord6785
ord5290
ord5302
ord269
ord826
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord823

msvcrt

_stricmp
_strnicmp
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
_EH_prolog
atof
_except_handler3
realloc
free
malloc
wcslen
wcscpy
exit
fprintf
_ftol
rand
strstr
strncmp
__CxxFrameHandler
sprintf
strchr
atoi
fscanf
fwrite
fopen
fread
fclose
_strcmpi
_itoa

kernel32

LocalFree
UnmapViewOfFile
VirtualProtect
GetLocalTime
InitializeCriticalSection
GetModuleFileNameA
GetCurrentDirectoryA
TerminateThread
TerminateProcess
LoadLibraryA
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
GetCurrentProcess
ReadProcessMemory
CreateThread
FindFirstFileA
FindNextFileA
FindClose
CreateEventA
WaitForSingleObject
GetTickCount
DeleteFileA
CloseHandle
Sleep
GetLastError
CreateFileA
CreateFileMappingA
MapViewOfFile
GetPrivateProfileIntA
GetModuleHandleA
GetProcAddress
lstrcmpiA
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
LocalAlloc

user32

MoveWindow
ShowWindow
GetDC
GetDlgItem
IsIconic
DrawIcon
LoadIconA
IsWindowVisible
SetForegroundWindow
UpdateWindow
SetWindowPos
GetMessageA
DispatchMessageA
TranslateMessage
IsWindow
ExitWindowsEx
GetForegroundWindow
InvalidateRect
GetClientRect
GetKeyState
PostQuitMessage
KillTimer
SetTimer
SetWindowTextA
EnableWindow
MessageBoxA
GetSystemMetrics
GetSysColorBrush
FrameRect
InflateRect
GetSysColor
FillRect
DrawFocusRect
GetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx
EnumThreadWindows
RedrawWindow
SendMessageA
SetWindowLongA
GetFocus
GetWindowLongA
GetClassNameA
GetWindowDC
GetWindowRect
ReleaseDC
EnumChildWindows
CallNextHookEx
DefWindowProcA
CallWindowProcA
DrawTextA
OffsetRect
LoadBitmapA

gdi32

StretchDIBits
Ellipse
GetObjectA
CreateFontIndirectA
GetStockObject
CreatePen
MoveToEx
LineTo
CreateSolidBrush
SetPixel
SetTextColor
DeleteObject
DeleteDC
CreateCompatibleDC
SetBkMode
SelectObject
CreateCompatibleBitmap
BitBlt

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegQueryValueExA

msimg32

GradientFill

ws2_32

socket
WSAStartup
WSAEventSelect
shutdown
closesocket
setsockopt
htons
ioctlsocket
connect
select
recv
WSAGetLastError
send
gethostbyname
inet_ntoa
inet_addr

winmm

sndPlaySoundA
timeGetTime

Exports

Exports

?MouseProc@@YGJHIJ@Z
?UnHook@@YAHXZ
KeyboardProc
_EXECryptor_AntiDebug@0
_EXECryptor_DecodeSerialNumber@16
_EXECryptor_DecodeSerialNumberW@16
_EXECryptor_DecryptStr@8
_EXECryptor_DecryptStrW@8
_EXECryptor_EncryptStr@8
_EXECryptor_EncryptStrW@8
_EXECryptor_GetDate@0
_EXECryptor_GetEXECryptorVersion@0
_EXECryptor_GetHardwareID@0
_EXECryptor_GetProcAddr@8
_EXECryptor_GetReleaseDate@0
_EXECryptor_GetTrialDaysLeft@4
_EXECryptor_GetTrialRunsLeft@4
_EXECryptor_IsAppProtected@0
_EXECryptor_IsRegistered@0
_EXECryptor_MessageBoxA@16
_EXECryptor_ProtectImport@0
_EXECryptor_RegConst_0@0
_EXECryptor_RegConst_1@0
_EXECryptor_RegConst_2@0
_EXECryptor_RegConst_3@0
_EXECryptor_RegConst_4@0
_EXECryptor_RegConst_5@0
_EXECryptor_RegConst_6@0
_EXECryptor_RegConst_7@0
_EXECryptor_SecureRead@8
_EXECryptor_SecureReadW@8
_EXECryptor_SecureWrite@8
_EXECryptor_SecureWriteW@8
_EXECryptor_VerifySerialNumber@16
_EXECryptor_VerifySerialNumberW@16
installhook

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5427077ae35b6609e06190db47a28bbd

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

msimg32

ws2_32

winmm

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 24KB - Virtual size: 1.4MB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.vmp0 Size: 28KB - Virtual size: 25KB

.vmp1 Size: 204KB - Virtual size: 200KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 24KB - Virtual size: 1.4MB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.vmp0
Size: 28KB - Virtual size: 25KB

.vmp1
Size: 204KB - Virtual size: 200KB

.reloc
Size: 20KB - Virtual size: 16KB