17d41d61c322e3a00e92a82d5c94c4d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17d41d61c322e3a00e92a82d5c94c4d7_JaffaCakes118
Size

64KB
MD5

17d41d61c322e3a00e92a82d5c94c4d7
SHA1

1c134bc6f94836a82727e8ee6470505c407e3633
SHA256

d72a23785411cb29887655f35ad7ccbdb5e641e7878c7b940fb42ebad419b471
SHA512

34a0485018f4f06463d00076df7e1e18ab8454268033f3f23dfb4c248aadeec4c5b272ec4312ec9c199ace9125a8f41d8f1c389f8925b0576d0e83207371f2cc
SSDEEP

768:zSBZ2taOUGGTYqXIpm11g6DN18QBvWMr5TobOIinbLdUEeKmPbaf80TQY+vXlyEx:eP2tBG/DXvWM4cbLdUE38baf80tEx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17d41d61c322e3a00e92a82d5c94c4d7_JaffaCakes118

Files

17d41d61c322e3a00e92a82d5c94c4d7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9272497d7204d7286fe5b5d0c1c7c18b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4129
ord940
ord858
ord537
ord941
ord803
ord543
ord3584
ord540
ord800
ord2818
ord2614
ord860
ord354
ord5186
ord3318
ord825
ord5773
ord5442
ord1979
ord665
ord823

msvcrt

_adjust_fdiv
_initterm
_onexit
_itoa
_strcmpi
strstr
_strlwr
free
wcscmp
malloc
atoi
strchr
_except_handler3
_mbscmp
__dllonexit
sprintf

kernel32

GetCurrentDirectoryA
GetWindowsDirectoryA
CopyFileA
DeleteFileA
MoveFileExA
CreateToolhelp32Snapshot
CreateThread
OpenProcess
TerminateProcess
lstrcmpiA
Process32Next
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringA
GetModuleFileNameA
MultiByteToWideChar
GetSystemDirectoryA
TerminateThread
IsBadReadPtr
WaitForSingleObject
ExitThread
Process32First
GetCurrentProcess
WinExec
GetTempPathA
GetModuleHandleA
VirtualAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
VirtualFree
DeleteCriticalSection
WriteFile
SetFilePointer
ReadFile
CreateFileA
CloseHandle
Sleep
VirtualProtect

user32

EnumWindows
IsWindowVisible
GetWindowTextA
GetSystemMetrics
GetDesktopWindow
ShowWindow
SetWindowPos
GetWindowDC
GetWindowRect
wsprintfA

gdi32

CreateCompatibleDC
SelectObject
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
BitBlt

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyA

ws2_32

WSAStartup
ioctlsocket
closesocket
socket
htons
connect
select
__WSAFDIsSet
recv
WSAGetLastError
send
inet_addr

gdiplus

GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageGraphicsContext
GdipScaleWorldTransform
GdipDrawImageI
GdipSaveImageToFile
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageEncodersSize

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

Exports

Exports

St

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9272497d7204d7286fe5b5d0c1c7c18b

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

ws2_32

gdiplus

wininet

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.vmp0 Size: 4KB - Virtual size: 1KB

.vmp1 Size: 24KB - Virtual size: 20KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.vmp0
Size: 4KB - Virtual size: 1KB

.vmp1
Size: 24KB - Virtual size: 20KB

.reloc
Size: 4KB - Virtual size: 1KB