0b29e60f95f2db0446b383d2867f8f99_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b29e60f95f2db0446b383d2867f8f99_JaffaCakes118
Size

1.1MB
MD5

0b29e60f95f2db0446b383d2867f8f99
SHA1

43626207eae8b2e74f01fc1d9d3d266b8d7b1a5b
SHA256

9b24b672cb146d71b42a5f9960011d7a2591e0a06376637d6bfe6bcdad9a0acc
SHA512

46cde015e89052cc0ff84462a8c63005f51e0281c66bb71a6f097a66623fc606bc6dd9c106598f18a3ae819d9b5b530e063064dd0e711ef8512246ee4718e8cb
SSDEEP

24576:SbsHU1rUHS3NR/j3qLk1TPEYhSdK3aizijadXFio:S4SFNR/bSk1TcYhSg3ai+IF

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b29e60f95f2db0446b383d2867f8f99_JaffaCakes118

Files

0b29e60f95f2db0446b383d2867f8f99_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8e261bb72335f785a8782dc222a0657f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutUnprepareHeader

ws2_32

recvfrom

kernel32

LoadResource
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CallNextHookEx

gdi32

CreateFontA

winspool.drv

ClosePrinter

advapi32

OpenProcessToken

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_DragEnter

comdlg32

GetFileTitleA

Exports

Exports

�iq]ʢq�]L�3��bAp6�<�SP\��j�Ƴ�x*>Y#�"��ho�G'��dS�w�%iz��j��K��(��e�ݪ��HIj��۝�ލ�u@Y�J��P!�uE|Gxw��׉��n$�J ��e��+ߊ�QS㾎&%�#)�bO��-��o�m�^�厲�k&��b.;N#O�v��[�8��D|sV�{Z�b%�Iŉ�a��Gt}SȆA��YR�_�p��g1Rm,��L�� t��#/X|��PE��0|�~��P��p�q{)��u�@�A��l.��t]2X)��XQȢ�?ԑ��p��?�L-m��I�1h��k��7��ܗ��ų�P>uG�u�P��D��U��c��V��ڵw��S7(��%C�zL�EVP["��Λ�� g� R7��j�q��d�m�TU��65��#c�dk8�N�u�'��[:��ix,X�L#��\�s��ֲb��ǌJ0��o�ȚE��:�X_��QĒ�Yۭ�X��ũ�?�Ig@�&p��`�Ös"��!�쾴��m��c��;�7��QYߛ��:H�hy+�}�D�n��g�1��7.��\N��9��˻Ư�Ɯ�19�4��R�3��dd��WL�h��3�"F4_��$��U_9��̯�L6��԰%�e�[2<��w��#��ġiq�k��{CAPr��B~|�Ez�w��]��g�m� �p�#t=L�uv�Q�́��(Ex+=$��_�3_��E�:<��&vu?��M�9'�c,�,97�Z�u�qJbd��^s��d`4�*��2�}��.�F&d�.��>D�ٜ��h�a%�S.��_b(�� F��v��u<��թ"�^�K�+s��3V0�{a1�Y)z�܇��ߘl�+?@�� f�S�b�+x�<D��gғTB��6ٞf;�.C��p^�� b��Լ�n�;6�HÉ:,5��RiE<oUz��=g4��(`��A�V"?��5�Ւ[�g��|r��DG��9��D��X��H^��h�bJ�H��j�[OLOR=?{��Jl�}�=L�XN��<N�Q�*S��{g��@��ҍ��V��J��j�$��crO��'5��_F�v�:o��?�*aA9� ��Z�x��m1܅Er��m0a�.{X4��G��Z-�i��ۼߺ��ioKs��m�|j{R^��_��ɠ/�+�#��B��qu��V֣��I�(�!��R�}g>��S!��.b��+ON��ʑf��p��Ğ�B;��3��7��j��Uv�1b�?�zF�]~t�¡/�̱IW��4J��J��B�^�J�`<\��#y��dK�_�3-�z��A $$R�:��ϴj]3�'�|/��+�Q�+�M|��Ѡ�� I�n��!�:��z!��t��R�(��l|2դZ�Aw��5�[ڪ-7��E��~�i|{�r��vj��G��,v�'��?Bû��~}ò��L�<䁰�=f��)��N��J<l(��Q��"$�A��ž��N��vbY�ȗ��s�ۑlA��}^R��(feQ� �#�:M�-��ݡBBR��_��a�چ�^��OiNy��[��Ð��{��2�q��~��G �g킙��ה�~��,*m�2Ĥ �Wu;�s��r��M�Yt/�,(��9��R��%4g0<]�`IҠ��w�TT��qC��CP9\.�ɰ��,6��J�I��k��\��J��n��U��5�x��,KABk^o�H�¨ϸDͤV:��n�s��@"-e��3��?��Rn�N��{}]Ö<��R73�*F��=_hi�`Ir��g1�O0)`^r�b��D9�C\��-�&��lZ(+��JJ��?�mm$��l��a�~��'K��_�UHZ��*�&Iڽ?��^$gbpg�CoW��S�;��4��F[Tt��hs8D3��*��Z��Z��<�� f?M`yC��c��OԾw@�/أE=��5"��y�4B�Q�Y�JM��r|3��BaG�*�1ȝ��v �̖$%�KCbx��"�] ԂF��MP>4g�B姺*A�fgoۃ|ۃ�~w��?Q��% ��.�~N�CM�G[�B��Y|��.��&�7��=��*9l��M��V^��n��J~�KX��KO좳:��&��|�إu�nN�I�;]�ׁ�1��Zgr��ϴ��P�m�zf��fb�NܯE��rz�&�^DZ\9��b��u�J��wB��䲿<mE��}I'�֔k ��J��o��E�V{3��K5��.�U�� ^�s`��Ԑ��J�� ݕ�'(��΁q��Z%��wz<|�l�iX�S��d%��fm��5Ȼ�1�Q�D#��hm�lj��:�kQ[h�xr|+�N@I��,�w�h/C"W��Ӣ��($��}�M��k?P��9C��:F8}4��\�!Ա8��I��h�St��!�6!�d�r�hL��o[��2ńIK2l��5�39l!�t �q7� �X�4��n��gS��2�Kۯ��ɸ1��Ƿb�9�`��ĥ��_hY��5��B?Q��>�F@�%�� e��j�V�%��&��z󵸾��N�w�p�m�]V��(��Ƿ�Z�K�bo��N�B/_I�3�Q��q� �a+g� ��I<��\�yo͚}��o�&G��D�e��H��esNv��t��n�9��ϬH4��X*/�rz�"��
RunDllHostCallBack
gonggaoaa

Sections

.text
Size: - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e261bb72335f785a8782dc222a0657f

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 528KB

.rdata Size: - Virtual size: 89KB

.data Size: - Virtual size: 211KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 77KB

.vmp1 Size: - Virtual size: 774KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 320B

.text
Size: - Virtual size: 528KB

.rdata
Size: - Virtual size: 89KB

.data
Size: - Virtual size: 211KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 77KB

.vmp1
Size: - Virtual size: 774KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 320B