0c6cfcf2ed4fa5907ff75e84fe936b2b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0c6cfcf2ed4fa5907ff75e84fe936b2b_JaffaCakes118
Size

1.3MB
MD5

0c6cfcf2ed4fa5907ff75e84fe936b2b
SHA1

7783510b5c95d827a1dfe2dc2171355e306f3c27
SHA256

9051cc3c14a8cf15489fc09a498efdd702d87b65322b26b053e73ee0804265c4
SHA512

5854fd695d3dd898f5856ab255e6829fc865217546ab851b6583f489e6401ca0690a44b2cbb9564659973ce0f07bed945cfe05ca47fb120ff15ee14ba47c248f
SSDEEP

24576:e77nl8Qn3GJn5NrpihqE5tSrJaloTtLCAK0Ep0o1O/jjcjDcW:eHlh2nJpatzSrJaleCAKpicjYW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/YY7wIDsq/歪歪7位ID申请.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/YY7wIDsq/歪歪7位ID申请.exe

Files

0c6cfcf2ed4fa5907ff75e84fe936b2b_JaffaCakes118
.rar
YY7wIDsq/歪歪7位ID申请.exe
.exe windows:5 windows x86 arch:x86

4d7a37df2191d032c838f103f44f16d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostMessageA

gdi32

GetDeviceCaps

winmm

midiOutReset

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

CoGetClassObject

oleaut32

SafeArrayGetElement

comctl32

ord17

oledlg

ord8

ws2_32

recvfrom

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 699KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
YY7wIDsq/飘荡软件.url
.url

Sharing

General

Malware Config

Signatures

Files

4d7a37df2191d032c838f103f44f16d1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 699KB

.rdata Size: - Virtual size: 200KB

.data Size: - Virtual size: 173KB

.vmp0 Size: - Virtual size: 837KB

.vmp1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 44KB - Virtual size: 42KB

.text
Size: - Virtual size: 699KB

.rdata
Size: - Virtual size: 200KB

.data
Size: - Virtual size: 173KB

.vmp0
Size: - Virtual size: 837KB

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 44KB - Virtual size: 42KB