09ff2ddee764032e794f87ed5809705f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09ff2ddee764032e794f87ed5809705f_JaffaCakes118
Size

194KB
MD5

09ff2ddee764032e794f87ed5809705f
SHA1

2d09f09e755f9470ef48b9b4cb9ad2dec7e1343e
SHA256

dd7cb391dabdcac1af18850139afbdd958e603637a0e9116392d06b4a863f993
SHA512

3c0bab237837f67be65f9a55a3d763fdc0cf0525b78f16f766b8dc9be495e39dfecebb28131ccb13f0fd637079dab993c92ff06fbcb7d1918a0281db9caa6882
SSDEEP

3072:dDDsdABdBg0q2WvJaRfkPyXvdcJl0zQFhSSiPZbLr+G0JT5A0FzgBozo/OT9sg:Z3SxaYdl0zQD3iB3KnJl9x79sg

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/VaultBlaster2.1/Vault Blaster 2.1/npgmup.dll	acprotect

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VaultBlaster2.1/Vault Blaster 2.1/Vault Blaster 2.1.exe
unpack001/VaultBlaster2.1/Vault Blaster 2.1/npgmup.dll
unpack001/VaultBlaster2.1/Vault Blaster 2.1/wz_zp.dll
unpack001/VaultBlaster2.1/Vault Blaster 2.1/zerg.dll

Files

09ff2ddee764032e794f87ed5809705f_JaffaCakes118
.rar
VaultBlaster2.1/Vault Blaster 2.1/Vault Blaster 2.1.exe
.exe windows:4 windows x86 arch:x86

7f6226fbf8d9a650a529ff3c9509d141

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaGetFxStr3
ord516
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
ord667
__vbaLateMemSt
__vbaVarForInit
ord593
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
_CIsin
ord632
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaStrR8
EVENT_SINK_Release
ord600
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
ord608
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaFileSeek
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaInStr
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord616
__vbaVarCopy
__vbaLateMemCallLd
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaVarLateMemCallSt
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VaultBlaster2.1/Vault Blaster 2.1/npgmup.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

text
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VaultBlaster2.1/Vault Blaster 2.1/wz_zp.dll
.dll windows:4 windows x86 arch:x86

c4ff1c06e0b4fa267d2b363da567d1f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
CloseHandle
ReadFile
CreateFileA
HeapCreate
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
FatalAppExitA
GetModuleHandleA
RtlUnwind
HeapAlloc
HeapReAlloc
HeapFree
GetLastError
VirtualFree
VirtualAlloc
GetEnvironmentVariableA
WriteFile
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
FlushFileBuffers
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
CompareStringW
SetEnvironmentVariableA
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
SetFilePointer
SetStdHandle
UnhandledExceptionFilter
Sleep
SetEndOfFile
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA

user32

wsprintfA

Exports

Exports

BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite
WZCompressFile
WZDecompressFile

Sections

.text
Size: 316KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VaultBlaster2.1/Vault Blaster 2.1/zerg.dll
.dll windows:5 windows x86 arch:x86

55166482b91a05fe99ef0bdac2295e59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetCurrentThreadId
CreateToolhelp32Snapshot
GetModuleFileNameA
WritePrivateProfileStringA
Process32Next
GetLocalTime
GetPrivateProfileStringA
Module32First
GetPrivateProfileIntA
Process32First
CreateFileA
ExitProcess
FlushFileBuffers
WriteConsoleW
SetFilePointer
CreateFileW
UnmapViewOfFile
LocalFree
LocalAlloc
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
Sleep
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

GetFocus
mouse_event
SetTimer
KillTimer
CallNextHookEx
wsprintfA
GetForegroundWindow
MessageBoxA
SetCursorPos
SetWindowsHookExA
UnhookWindowsHookEx
FindWindowA

opengl32

glTexCoord2f
glGenTextures
glTexParameteri
glPixelStorei
glEnd
glBindTexture
glVertex3d
glTexImage2D
glBegin
glColor3d
glGetDoublev

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

gdi32

CreateDIBSection
SetDIBits
GdiFlush
DeleteDC
CreateCompatibleDC
SelectObject
DeleteObject

Exports

Exports

Init

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f6226fbf8d9a650a529ff3c9509d141

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 88KB - Virtual size: 84KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Sections

text Size: - Virtual size: 84KB

rdata Size: 56KB - Virtual size: 60KB

.rsrc Size: 3KB - Virtual size: 4KB

c4ff1c06e0b4fa267d2b363da567d1f9

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 312KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 24KB - Virtual size: 30KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

55166482b91a05fe99ef0bdac2295e59

Headers

File Characteristics

Imports

kernel32

user32

opengl32

version

gdi32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 9KB - Virtual size: 145KB

.shared Size: 512B - Virtual size: 8B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 88KB - Virtual size: 84KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

text
Size: - Virtual size: 84KB

rdata
Size: 56KB - Virtual size: 60KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 316KB - Virtual size: 312KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 24KB - Virtual size: 30KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 9KB - Virtual size: 145KB

.shared
Size: 512B - Virtual size: 8B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 7KB