Behavioral task: behavioral1
Sample: 2730101edf441cfef642379da6a9a602_JaffaCakes118.exe
Resource: win7-20240708-en

General
Target: 2730101edf441cfef642379da6a9a602_JaffaCakes118
Size: 182KB
MD5: 2730101edf441cfef642379da6a9a602
SHA1: 894ede1ba79963aed22402ce4559acea5a4b5e17
SHA256: 19b04470d99f4682c917b7a41f2061a8fc18e98cce3beac81c8624ca3c5e7c5b
SHA512: 5bc17b830ab7d4551697f71ef58de073f4e2c2aeb3bda21d739eae3c75343f5f8925310a9e817620e405bed7bbfba0952ae7122df19fc2be67e40b5bb0bbde31
SSDEEP: 3072:67/cfJJx11kRk0fziCZlZ/ugRpYCeqYEVluB0LXLpoDRb7fcLsBqUU5:W/cfZ11klxu+7ePBCLWD5fFBnU5
Malware Config

Signatures
yara_rule match: vmprotect (resource: sample)
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2730101edf441cfef642379da6a9a602_JaffaCakes118

Files
2730101edf441cfef642379da6a9a602_JaffaCakes118.exe
  windows:4 windows x86 arch:x86
  e802cea0c0750e9de8679f229cc662de
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
ReadFile
SetFilePointer
SetLastError
GetFileAttributesA
SetFileTime
GetSystemDirectoryA
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
GetStartupInfoA
SizeofResource
WriteFile
lstrlenA
FreeResource
MultiByteToWideChar
WideCharToMultiByte
GetVersion
LoadLibraryA
FreeLibrary
CreateRemoteThread
WaitForSingleObject
HeapFree
OpenProcess
CloseHandle
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
GetWindowsDirectoryA
MoveFileExA
CopyFileA
DeleteFileA
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
ExitProcess
lstrcatA
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
lstrcmpA
VirtualProtect
GetModuleFileNameA
ExitProcess
user32
GetMessageA
MessageBoxA
wsprintfA
PostThreadMessageA
GetInputState
MessageBoxA
advapi32
AddAce
ControlService
StartServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
ChangeServiceConfigA
LockServiceDatabase
GetUserNameA
CreateServiceA
UnlockServiceDatabase
msvcrt
_XcptFilter
_strcmpi
_except_handler3
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
strncmp
strtoul
isdigit
__CxxFrameHandler
_CxxThrowException
strstr
??1type_info@@UAE@XZ
_exit
_strlwr
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
netapi32
NetUserGetLocalGroups
NetApiBufferFree
Sections
.text Size: - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 157KB - Virtual size: 157KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ