07149b0390806305ee6f06656eb6bb5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07149b0390806305ee6f06656eb6bb5b_JaffaCakes118
Size

227KB
MD5

07149b0390806305ee6f06656eb6bb5b
SHA1

de68ed03da6b006b5ff0c41c078633bc26f84cec
SHA256

b3cf4c0c5208244ab417dd7d9132aba21e906977b113b0d522a066586382c200
SHA512

1d6da20d2572121b67ab1547d9c04d8adae0a861c678842b1b704d6d2c336bd40b84199c195698237f6fe17dd2b66cb68c96a92a6e7cd96bf08105d11051e90e
SSDEEP

6144:zC01efUFR2ppu/P8EVSJ11UUO5qTx1Dj5d:zC0osL2Hu/jVSxbHF1D9d

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07149b0390806305ee6f06656eb6bb5b_JaffaCakes118

Files

07149b0390806305ee6f06656eb6bb5b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

22c7f653582cae87ef88549e7ac8a5df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtectEx
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetRect

msvcr90

_adjust_fdiv

msvcp90

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ

gdi32

SetTextColor

advapi32

RegCloseKey

Sections

.text
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22c7f653582cae87ef88549e7ac8a5df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr90

msvcp90

gdi32

advapi32

Sections

.text Size: - Virtual size: 121KB

.rdata Size: - Virtual size: 69KB

.data Size: - Virtual size: 68KB

.rsrc Size: 1024B - Virtual size: 688B

.vmp0 Size: - Virtual size: 22KB

.vmp1 Size: - Virtual size: 100KB

.vmp2 Size: 224KB - Virtual size: 224KB

.reloc Size: 512B - Virtual size: 236B

.text
Size: - Virtual size: 121KB

.rdata
Size: - Virtual size: 69KB

.data
Size: - Virtual size: 68KB

.rsrc
Size: 1024B - Virtual size: 688B

.vmp0
Size: - Virtual size: 22KB

.vmp1
Size: - Virtual size: 100KB

.vmp2
Size: 224KB - Virtual size: 224KB

.reloc
Size: 512B - Virtual size: 236B