1744cedeea1e6acfe65b8cc130b91e4b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1744cedeea1e6acfe65b8cc130b91e4b_JaffaCakes118
Size

944KB
MD5

1744cedeea1e6acfe65b8cc130b91e4b
SHA1

6c98044809c8c93d27f64a365d9a7eb01f09fef5
SHA256

8860455e9f309d55c7c6f0126137a425115493d67a3f3b48a55f4f877385ce47
SHA512

5e9883e1f70ca7e1917b3920d6bf284d387a534c4648d9452e24ff8e4ac997dab97561da4fcc0acc8b93eea8ee6f9f8f64489655cb764193f5f962165b70e1ff
SSDEEP

24576:eTsch29iLK2F0lv0vkD+EweW4uGhOKfxF66Q6iR:IsWF0lHD+zeW4HOQy

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1744cedeea1e6acfe65b8cc130b91e4b_JaffaCakes118

Files

1744cedeea1e6acfe65b8cc130b91e4b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

deda768e82d8a5c6e9c022e242ff2153

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetKeyboardState
GetDesktopWindow
GetClassNameA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
keybd_event
mouse_event
SetCursorPos
FindWindowA
SendMessageTimeoutA
EnumDisplaySettingsA
ChangeDisplaySettingsA
SystemParametersInfoA
GetCursorPos
IsRectEmpty
FindWindowExA
GetWindowTextA
GetWindowLongA
PtInRect
CopyImage
PostMessageA
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
SetCursor
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
CharUpperA
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
AdjustWindowRectEx
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
DefWindowProcA
LoadBitmapA
GetMessagePos
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
IsDialogMessageA
TrackMouseEvent
DestroyIcon
SetWindowLongW
SetWindowRgn
SetRect
CreateDialogIndirectParamA
SetActiveWindow
EndDialog
UnregisterClassA
LoadStringA
GetDlgCtrlID
SendDlgItemMessageA
GetClassLongW
SetClassLongW
FillRect
GetSysColor
IsIconic
IsZoomed
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
RegisterWindowMessageW
RegisterHotKey
UnregisterHotKey
LoadIconW
RegisterClassExW
GetKeyboardLayout
ReleaseDC
CharUpperW
CharLowerW
GetDC
VkKeyScanExA
LoadImageA
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuStringW
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuW
GetMenuItemCount
AppendMenuW
SetCapture
GetMessageTime
ReleaseCapture
DestroyMenu
LoadMenuW
GetSystemMenu
CreatePopupMenu
GetWindow
CreateMenu
LoadCursorW
DefMDIChildProcW
SendMessageW
DefWindowProcW
DestroyWindow
GetClientRect
GetAsyncKeyState
CallWindowProcW
EndPaint
BeginPaint
PostQuitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
IsWindow
GetMessageW
DestroyCursor
RemovePropW
GetPropW
SetPropW
MessageBoxW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageW
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetWindowRect
GetFocus
SetFocus
GetClassNameW
GetDlgItem
GetWindowLongW
WindowFromPoint
CreateWindowExW
CallWindowProcA
SetWindowTextA
SetWindowLongA
GetParent
GetWindowThreadProcessId
EnumWindows
GetMenuCheckMarkDimensions
SendMessageA

kernel32

LoadLibraryExA
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
MulDiv
CreateProcessA
GetExitCodeProcess
CreatePipe
GetSystemTimeAsFileTime
MoveFileA
FormatMessageA
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetTimeZoneInformation
GetSystemDefaultLangID
GetLocaleInfoA
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalFree
GlobalUnlock
GlobalSize
GlobalLock
lstrcpyA
SizeofResource
GetCurrentProcess
WideCharToMultiByte
RtlMoveMemory
lstrcpyn
LocalAlloc
RtlFillMemory
LocalFree
CreateThread
OpenFileMappingA
MapViewOfFile
GetCurrentProcessId
IsBadReadPtr
lstrlenA
VirtualQuery
CreateFileA
DeviceIoControl
CloseHandle
GetCurrentThreadId
CreateRemoteThread
ResumeThread
WaitForSingleObject
lstrcpynA
MultiByteToWideChar
GetModuleHandleW
LoadLibraryW
GetLastError
SuspendThread
GetExitCodeThread
TerminateThread
LocalSize
GetSystemInfo
lstrlenW
lstrcmpW
lstrcmpiW
RtlZeroMemory
VirtualAlloc
VirtualFree
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetVersionExA
GetLocalTime
SetFilePointer
WriteFile
GetEnvironmentVariableA
ReadFile
GetFileSize
GetPrivateProfileStringA
GetTickCount
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
LockResource
LoadResource
FindResourceA
VerLanguageNameA
GlobalAlloc
DeleteFileA
FindClose
FindNextFileA
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
TerminateProcess
InterlockedExchange
OpenProcess
Module32Next
Module32First
GlobalMemoryStatus
GetTempPathA
GetWindowsDirectoryA
CopyFileA
EnumResourceNamesA
GetSystemDirectoryA
CreateDirectoryA
GetProfileStringA
SetLastError
WriteProfileStringA
lstrcatA
WinExec
InterlockedIncrement
InterlockedDecrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
LCMapStringW
GetStringTypeW
GetStringTypeA
GetACP
HeapSize
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
DuplicateHandle
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GetFileTime
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

PathFileExistsA
StrTrimW
PathAppendA
SHDeleteKeyA
SHDeleteValueA

ws2_32

socket
sendto
connect
inet_ntoa
gethostbyname
inet_addr
gethostbyaddr
WSAStartup
gethostname
WSACleanup
htons
closesocket

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SelectPalette
RealizePalette
GetDIBits
CreateDCA
CreateCompatibleBitmap
GetPixel
GetDeviceCaps
GetClipBox
AddFontResourceA
EnumFontFamiliesExA
Escape
TextOutA
PtVisible
RectVisible
CreatePatternBrush
CreateSolidBrush
StretchBlt
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
BitBlt
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
RemoveFontResourceA
ExtTextOutA

comdlg32

PrintDlgA
GetFileTitleA

shell32

SHEmptyRecycleBinA
DragAcceptFiles
Shell_NotifyIconW
DragFinish
DragQueryFileW
ShellExecuteA
SHChangeNotify
SHGetSpecialFolderPathA

atl

ord42

iphlpapi

GetAdaptersInfo
SendARP

mpr

WNetAddConnection2A
WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
WNetCancelConnection2A

winmm

waveOutGetDevCapsA
mciSendStringA
waveOutGetNumDevs

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winspool.drv

DocumentPropertiesA
ClosePrinter
SetPrinterA
OpenPrinterA
EnumPrintersA
GetPrinterA

advapi32

RegCloseKey
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegOpenKeyExA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AddAce
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegGetKeySecurity
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegDeleteValueA
SetSecurityDescriptorDacl
RegDeleteKeyA
RegCreateKeyA

comctl32

ord17

ole32

CoCreateInstance
CoCreateGuid

wininet

DeleteUrlCacheEntry
InternetCloseHandle
InternetOpenUrlA
InternetGetConnectedState
InternetOpenA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

Exports

Exports

???��1��
D
Search
autosearchpathmap

Sections

.text
Size: - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 932KB - Virtual size: 929KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

deda768e82d8a5c6e9c022e242ff2153

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

ws2_32

gdi32

comdlg32

shell32

atl

iphlpapi

mpr

winmm

version

winspool.drv

advapi32

comctl32

ole32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 940KB

.rdata Size: - Virtual size: 53KB

.data Size: - Virtual size: 236KB

.rsrc Size: 4KB - Virtual size: 664B

.vmp0 Size: - Virtual size: 46KB

.vmp1 Size: - Virtual size: 406KB

.vmp2 Size: 932KB - Virtual size: 929KB

.reloc Size: 4KB - Virtual size: 108B

.text
Size: - Virtual size: 940KB

.rdata
Size: - Virtual size: 53KB

.data
Size: - Virtual size: 236KB

.rsrc
Size: 4KB - Virtual size: 664B

.vmp0
Size: - Virtual size: 46KB

.vmp1
Size: - Virtual size: 406KB

.vmp2
Size: 932KB - Virtual size: 929KB

.reloc
Size: 4KB - Virtual size: 108B