2c0f0044cc3d4654150d7db9bf512bbd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c0f0044cc3d4654150d7db9bf512bbd_JaffaCakes118
Size

1.7MB
MD5

2c0f0044cc3d4654150d7db9bf512bbd
SHA1

606d5cfc42aabfbf283124483e9630df3bb5d126
SHA256

7eecc915d941be7448b9d39735ea1676cc8abcd8f152470786a37e0a48f018f8
SHA512

dbd06ad2c3a4e91aa8fe6b025a08e12c04928de76ad41bb6d3ef1fb730f8715714bc9a04f73c03798f2d54950a4f6209d35c4304dd90d26603442ba529c93ee4
SSDEEP

49152:GfD4S46IHTr5V8YV/ckSTpdp9CqAl37xphOIU:U4S464hVrV0VTpvMlLxOIU

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/跑跑卡丁车魔虐辅助10/魔虐全自动零秒{秒杀挑战-冠军}.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/跑跑卡丁车魔虐辅助10/魔虐全自动零秒{秒杀挑战-冠军}.exe

Files

2c0f0044cc3d4654150d7db9bf512bbd_JaffaCakes118
.rar
跑跑卡丁车魔虐辅助10/下载说明.txt
跑跑卡丁车魔虐辅助10/华彩联盟论坛.url
.url
跑跑卡丁车魔虐辅助10/华彩软件站-使用必读.url
.url
跑跑卡丁车魔虐辅助10/魔虐全自动零秒{秒杀挑战-冠军}.exe
.exe windows:4 windows x86 arch:x86

6069b65828dbe97e48c4c951c0317e19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

IsBadReadPtr
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMenu

gdi32

BitBlt

winmm

midiStreamOut

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

inet_ntoa

wininet

InternetOpenA

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6069b65828dbe97e48c4c951c0317e19

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 487KB

.rdata Size: - Virtual size: 1.4MB

.data Size: - Virtual size: 206KB

.vmp0 Size: - Virtual size: 833KB

.vmp1 Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 24KB - Virtual size: 36KB

.text
Size: - Virtual size: 487KB

.rdata
Size: - Virtual size: 1.4MB

.data
Size: - Virtual size: 206KB

.vmp0
Size: - Virtual size: 833KB

.vmp1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 24KB - Virtual size: 36KB