258da86165bbc360b1aa1ebe3f137195_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

258da86165bbc360b1aa1ebe3f137195_JaffaCakes118
Size

953KB
MD5

258da86165bbc360b1aa1ebe3f137195
SHA1

857a435671fd3c57be852de25e5fa431d7c03723
SHA256

65f6074f3175440b05119fc3875f2e1bace3259b046092954c2397628a10ef44
SHA512

74e3aa035aba807bfda3f8ddf148c7b066507c917ba55aa20e06ffee0d6c7100b6b43d1b37f44561eb4c651528c6079a5a24555467eeca1f896439c0f04c0dc4
SSDEEP

24576:iVxQ4yv2c4aLqNdl21mVa8pjWCE72uMIB:dSqmg8ZWH72u9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
258da86165bbc360b1aa1ebe3f137195_JaffaCakes118

Files

258da86165bbc360b1aa1ebe3f137195_JaffaCakes118
.exe windows:5 windows x86 arch:x86

387c3702a610ed4ad459e81a5540c93d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MapFileAndCheckSumW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

kernel32

WritePrivateProfileStringW
SetErrorMode
GetStartupInfoW
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
LocalFileTimeToFileTime
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
GetFileAttributesExW
CreateFileW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
MoveFileW
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetFileSizeEx
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
CompareStringA
InterlockedExchange
CreateEventW
SuspendThread
SetEvent
ResumeThread
GetProfileIntW
GetTickCount
InterlockedIncrement
SystemTimeToFileTime
InterlockedDecrement
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
SetFileTime
GetCurrentProcessId
lstrcmpA
CopyFileW
lstrlenA
Sleep
GlobalSize
WideCharToMultiByte
GetModuleHandleW
SetLastError
GlobalReAlloc
GlobalFree
GetNumberFormatW
GetLocaleInfoW
GetVersion
MulDiv
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
WaitForSingleObject
GetLongPathNameW
OpenProcess
lstrcmpW
MultiByteToWideChar
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GlobalAlloc
LocalUnlock
LocalLock
LocalAlloc
GlobalUnlock
GlobalLock
lstrcpynW
lstrcmpiW
SizeofResource
GetPrivateProfileStringW
FreeLibrary
GetProcAddress
LocalFree
FormatMessageW
GetLastError
LoadLibraryW
FreeResource
LockResource
LoadResource
FindResourceW
GetVersionExW
CloseHandle
DeviceIoControl
CreateFileA
GetFileAttributesW
lstrlenW
GetPrivateProfileIntW
GetSystemDefaultLangID
lstrcatW
GetModuleFileNameW
lstrcpyW
GetFileType

user32

CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
SetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
SetWindowPos
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
GetLastActivePopup
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemCount
SetScrollRange
TranslateMessage
PeekMessageW
IsChild
GetActiveWindow
SubtractRect
GetWindow
GetUpdateRect
EndPaint
BeginPaint
SetFocus
MessageBoxW
SetWindowLongW
CreatePopupMenu
ShowWindow
EqualRect
GetDesktopWindow
GetCapture
DispatchMessageW
GetMessageW
UpdateWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetActiveWindow
SetParent
GetClassNameW
GetMenuItemID
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
RegisterWindowMessageW
MapWindowPoints
GetMessagePos
SystemParametersInfoW
GetKeyState
SetScrollPos
GetScrollPos
ShowScrollBar
EnableScrollBar
ValidateRgn
IsRectEmpty
IntersectRect
SetRectEmpty
ReleaseDC
PrintWindow
GetDC
PostQuitMessage
SetForegroundWindow
PostMessageW
SendInput
GetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
CharLowerW
KillTimer
SetTimer
MessageBeep
ReleaseCapture
SetCapture
ValidateRect
GetFocus
InflateRect
ScreenToClient
GetAsyncKeyState
LoadImageW
UnregisterClassW
CharUpperW
SetRect
WindowFromPoint
DestroyMenu
RedrawWindow
RegisterClipboardFormatW
ClientToScreen
GrayStringW
TabbedTextOutW
SendDlgItemMessageA
ScrollDC
WinHelpW
GetSysColorBrush
FillRect
FrameRect
DrawFocusRect
DrawEdge
DrawTextExW
OffsetRect
DrawTextW
LoadBitmapW
GetSystemMetrics
DrawFrameControl
SetCursor
LoadCursorW
PtInRect
GetClientRect
GetParent
InvalidateRect
IsWindow
MapDialogRect
CopyRect
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
wsprintfW
IsWindowVisible
GetWindowTextW
ModifyMenuW
GetSubMenu
LoadMenuW
GetWindowRect
GetSysColor
LoadIconW
EnableWindow
SendMessageW
PostThreadMessageW
SetWindowsHookExW

gdi32

GetBkColor
SelectClipRgn
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleWindowExtEx
DPtoLP
ScaleViewportExtEx
SetBkMode
SetBkColor
GetClipBox
CopyMetaFileW
Polygon
CreatePen
SetTextColor
DeleteObject
GetObjectW
SetViewportExtEx
SetWindowExtEx
CreateFontIndirectW
SetPixel
CreateRectRgnIndirect
FillRgn
CreatePolygonRgn
RestoreDC
CreateFontW
SaveDC
GetDIBits
StretchBlt
GetTextExtentPointW
CreateDIBitmap
Ellipse
GetStockObject
Arc
CreatePatternBrush
Rectangle
StretchDIBits
ExtTextOutW
GetTextExtentPoint32W
LineTo
MoveToEx
DeleteDC
CreateSolidBrush
CreateDIBSection
CreateBitmap
BitBlt
SelectObject
RealizePalette
SelectPalette
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SetFileSecurityW
RegSetValueW
RegCreateKeyExW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
GetFileSecurityW
RegQueryValueW
SetNamedSecurityInfoW
RegDeleteValueW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyW

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteExW

comctl32

_TrackMouseEvent

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathCompactPathW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CoInitializeEx
CoUninitialize
OleDuplicateData
CoDisconnectObject
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoTaskMemFree
CreateBindCtx
CreateStreamOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemAlloc

oleaut32

LoadTypeLi
VarCyFromStr
VariantCopy
VariantInit
SysAllocString
SysStringLen
VariantChangeType
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromDate
VarUdateFromDate
GetActiveObject
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

387c3702a610ed4ad459e81a5540c93d

Headers

DLL Characteristics

File Characteristics

Imports

imagehlp

version

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 561KB - Virtual size: 561KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 17KB - Virtual size: 38KB

.rsrc Size: 91KB - Virtual size: 90KB

.vmp0 Size: 64KB - Virtual size: 63KB

.vmp1 Size: 66KB - Virtual size: 66KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 561KB - Virtual size: 561KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 17KB - Virtual size: 38KB

.rsrc
Size: 91KB - Virtual size: 90KB

.vmp0
Size: 64KB - Virtual size: 63KB

.vmp1
Size: 66KB - Virtual size: 66KB

.reloc
Size: 36KB - Virtual size: 35KB