1543a2d6f380f9be4ff0cf93de3ad631_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1543a2d6f380f9be4ff0cf93de3ad631_JaffaCakes118
Size

703KB
MD5

1543a2d6f380f9be4ff0cf93de3ad631
SHA1

4154b47ab975ae8afc219fe62e3f0267e7cb401b
SHA256

618a08ba4d6af87f008ba09c837d9e18a8ceb4c5e4565091fbaf978cf8af594d
SHA512

f39d9ff8306e183bbed7073f0718ce31123b66631a31b61e6ed9c269b5001e562cff7a8f3a74c0afb4496f485bc8e71ebd9706eda1141d9a5014433b76a6a356
SSDEEP

12288:pyFBx56D35GN4feskoWvEDmshArn2PKLrDK4uSazUkm4njI6R3bv4owRfuq3ezHh:pCy35GN42sk5OmsqrVrQ1VjR3bakq39I

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Vakitharcama.dll	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Vakitharcama.dll
unpack001/Vakitharcama.exe

Files

1543a2d6f380f9be4ff0cf93de3ad631_JaffaCakes118
.rar
Vakitharcama.dll
.dll windows:5 windows x86 arch:x86

dc810da665a533cac0604fe37ded50b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetModuleHandleA
VirtualAlloc
VirtualProtect
Sleep
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
GetSystemInfo
IsProcessorFeaturePresent
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
GetProcAddress
OutputDebugStringA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

ShowWindow
CreateWindowExA
SetRect
MessageBoxA
GetAsyncKeyState
DestroyWindow
MessageBoxA

gdi32

GetGlyphOutlineA
SetBkMode
GetTextMetricsA
GetObjectW
GetCharacterPlacementW
GetCharacterPlacementA
SetBkColor
ExtTextOutW
MoveToEx
CreateFontIndirectW
DeleteDC
DeleteObject
ExtTextOutA
SetTextAlign
GetObjectA
SetTextColor
SelectObject
SetMapMode
CreateDIBSection
CreateCompatibleDC
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW

msvcr90

__CxxFrameHandler
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
sprintf
??2@YAPAXI@Z
memset
memcpy
malloc
free
_CIacos
_finite
_ftol
??3@YAXPAX@Z
strncpy
iswpunct
iswdigit
iswalpha
iswspace

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

d3d9

Direct3DCreate9

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Vakitharcama.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrator\Belgelerim\Visual Studio 2008\Projects\Vakitharcama\Vakitharcama\obj\Release\Vakitharcama.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vakitharcama.bmp
vakitharcamacom.bmp

Sharing

General

Malware Config

Signatures

Files

dc810da665a533cac0604fe37ded50b3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcr90

wininet

d3d9

advapi32

Sections

.text Size: - Virtual size: 114KB

.rdata Size: - Virtual size: 63KB

.data Size: - Virtual size: 50KB

.rsrc Size: 1024B - Virtual size: 688B

.vmp0 Size: - Virtual size: 19KB

.vmp1 Size: - Virtual size: 45KB

.vmp2 Size: 141KB - Virtual size: 140KB

.reloc Size: 512B - Virtual size: 64B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 201KB - Virtual size: 201KB

.sdata Size: 512B - Virtual size: 186B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 114KB

.rdata
Size: - Virtual size: 63KB

.data
Size: - Virtual size: 50KB

.rsrc
Size: 1024B - Virtual size: 688B

.vmp0
Size: - Virtual size: 19KB

.vmp1
Size: - Virtual size: 45KB

.vmp2
Size: 141KB - Virtual size: 140KB

.reloc
Size: 512B - Virtual size: 64B

.text
Size: 201KB - Virtual size: 201KB

.sdata
Size: 512B - Virtual size: 186B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B