0fa7f7fec9bb3cf540a67f3b7102dcf5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fa7f7fec9bb3cf540a67f3b7102dcf5_JaffaCakes118
Size

48KB
MD5

0fa7f7fec9bb3cf540a67f3b7102dcf5
SHA1

3093a3243367ddc024392ea42cc14a84ed6aed30
SHA256

dbd66cb5cdebd27c7c07ea12343dcd89c935e41ca2f19c24dc3d4af2642604f5
SHA512

dcb41595233ac991d3b6fbff0843848896372d7a973ea643cae2d0e09e09e7489c8a2af5ee14deb563ab7c0939aff9a28f86eb324698fdc4ba568d59c44ee4a6
SSDEEP

768:cM+FQ/LwzxB41ntEFHkB4hmEDW5ZTe1plWmqh2dzxO:cM++uBUtXB4hY5ZTen4mt7

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fa7f7fec9bb3cf540a67f3b7102dcf5_JaffaCakes118

Files

0fa7f7fec9bb3cf540a67f3b7102dcf5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

154c6d7d87065063e421a508bb2e5131

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
inet_addr
socket
recv
inet_ntoa
gethostbyname
send
closesocket
WSAStartup
connect

shlwapi

StrStrIA

psapi

GetModuleFileNameExA

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdiplusStartup
GdipFree
GdipAlloc
GdipCloneImage

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3922
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3953
ord823
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord3147
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
__CxxFrameHandler
strncmp
malloc
wcscmp
free
_ftol
atoi
sprintf
strchr
_strlwr
strrchr
strstr

kernel32

CreateToolhelp32Snapshot
ReadFile
GetFileSize
SetFileAttributesA
Process32First
CreateThread
Process32Next
OpenProcess
DeleteFileA
LocalAlloc
GlobalAlloc
Sleep
GlobalFree
CloseHandle
TerminateThread
VirtualQuery
LocalFree
WriteFile
TerminateProcess
CreateFileA

user32

PostThreadMessageA
GetWindowTextA
GetAsyncKeyState
MapVirtualKeyA
PeekMessageA
GetDesktopWindow
CallNextHookEx
ScreenToClient
UnhookWindowsHookEx
GetForegroundWindow
TranslateMessage
GetMessageA
SetWindowsHookExA
GetKeyState
GetTopWindow
GetWindow
GetClientRect
GetDC
ReleaseDC
keybd_event
GetCursorPos
DispatchMessageA
mouse_event

gdi32

GetDIBits
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetPixel
GetDeviceCaps
GetObjectA

Exports

Exports

Start

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4KB - Virtual size: 221B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

154c6d7d87065063e421a508bb2e5131

Headers

File Characteristics

Imports

ws2_32

shlwapi

psapi

gdiplus

mfc42

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.vmp0 Size: 4KB - Virtual size: 2KB

.vmp1 Size: 4KB - Virtual size: 221B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.vmp0
Size: 4KB - Virtual size: 2KB

.vmp1
Size: 4KB - Virtual size: 221B

.reloc
Size: 4KB - Virtual size: 2KB