14d0045a7b257d680666e47944781d88_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14d0045a7b257d680666e47944781d88_JaffaCakes118
Size

671KB
MD5

14d0045a7b257d680666e47944781d88
SHA1

534b9b66d70facfe83e58fa3924774de16aea668
SHA256

2991ecfd31c9bdbe3b58b4fc44f1116e711c71867cab625acd116ca9f1d40c10
SHA512

946e1fba217b91d1648b223d75b73fa78b47da6317a3f270a66f5918c4681f30555fe52c4505e21592f2f7238def74f89d63ef27c04072bed524ec343bd9052e
SSDEEP

12288:nGisatyZGLSp4AhqYG/PmgDXJmtA8WzhWjPLQcpTBwm3VFaZfEtL5ZmJzyEpbgPy:nGpatRSpDs//PZmXXrMcQyVoeDcJGybz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/hacktool.dll	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cnpro2.8 fix connect CF.exe
unpack001/hacktool.dll

Files

14d0045a7b257d680666e47944781d88_JaffaCakes118
.rar
Huong Dan.reg
Huong dan su dung Cnpromodz 2.8 fix Xtrap.url
.url
cnpro2.8 fix connect CF.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 522KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hacktool.dll
.dll windows:4 windows x86 arch:x86

58edd344d0464391e5683b55677090d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetCursorPos

gdi32

SelectObject

advapi32

OpenSCManagerA

Exports

Exports

LoadUnhookDriver
UnloadUnhookDriver

Sections

.text
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 522KB - Virtual size: 596KB

.rsrc Size: 8KB - Virtual size: 12KB

58edd344d0464391e5683b55677090d0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 56KB

.rdata Size: - Virtual size: 8KB

.data Size: - Virtual size: 11KB

.vmp0 Size: - Virtual size: 83KB

.vmp1 Size: 144KB - Virtual size: 143KB

.reloc Size: 512B - Virtual size: 188B

.text
Size: 522KB - Virtual size: 596KB

.rsrc
Size: 8KB - Virtual size: 12KB

.text
Size: - Virtual size: 56KB

.rdata
Size: - Virtual size: 8KB

.data
Size: - Virtual size: 11KB

.vmp0
Size: - Virtual size: 83KB

.vmp1
Size: 144KB - Virtual size: 143KB

.reloc
Size: 512B - Virtual size: 188B