063458066c23205e04931d0acabc70c5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

063458066c23205e04931d0acabc70c5_JaffaCakes118
Size

68KB
MD5

063458066c23205e04931d0acabc70c5
SHA1

585614e3146313bc054ec72006dfe28c5c061fd7
SHA256

c4e8f6242e1aca7bd2973c82a74944334d98a314d1d534adc62350998956c80c
SHA512

665f10fa4c570694486b2d54fd5202de4a2b806c71581f9a3ced26ea2759c6550ea3d5e109a035c200cfde4a5e3d862f41a9d08e5c13e0f06a585399edc04170
SSDEEP

768:cT18WB5+a+BU51TLeC8FNrE1NEkAoTcDK7yyjelGSlkgssC0t1NLYrq90mpHTHf2:cJYSfLskhmK7yyAUgsWLYm1f2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
063458066c23205e04931d0acabc70c5_JaffaCakes118

Files

063458066c23205e04931d0acabc70c5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0cc62ec607367c4547f52f28ac5bd467

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2915
ord2764
ord4129
ord6648
ord537
ord926
ord924
ord922
ord858
ord6663
ord860
ord4278
ord939
ord6877
ord540
ord1168
ord2818
ord535
ord800

msvcrt

_adjust_fdiv
srand
time
__CxxFrameHandler
atoi
_initterm
_onexit
__dllonexit
malloc
free
exit
strstr
printf
rand

kernel32

GetProcAddress
LoadLibraryA
lstrcpyA
GetComputerNameA
Sleep
ExitThread
CreateThread
GetTickCount
WinExec
GetSystemDirectoryA
GetModuleFileNameA
SetFileAttributesA
GetCurrentProcess
ExitProcess
CreateMutexA
GetLastError

user32

ExitWindowsEx
MessageBoxA
wsprintfA

advapi32

RegDeleteValueA
OpenSCManagerA
RegSetValueExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
DeleteService
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenServiceA

shell32

ShellExecuteA

ws2_32

gethostbyname
sendto
inet_addr
htons
setsockopt
WSASocketA
WSAStartup
inet_ntoa
gethostname
socket
WSACleanup
htonl
connect
send
closesocket
recv
WSAGetLastError
__WSAFDIsSet
select

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cc62ec607367c4547f52f28ac5bd467

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 888B

.vmp0 Size: 4KB - Virtual size: 2KB

.vmp1 Size: 16KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 888B

.vmp0
Size: 4KB - Virtual size: 2KB

.vmp1
Size: 16KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 2KB