2d4f5bdf31aab9b05633675fe8fbad86_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d4f5bdf31aab9b05633675fe8fbad86_JaffaCakes118
Size

995KB
MD5

2d4f5bdf31aab9b05633675fe8fbad86
SHA1

3efdb7c34d3d732ec432144880f316fe2595e0a8
SHA256

7a26279ddd0f928c01bfc19ebfd32356b7c91b1b75e6769a1edd6edb1b249653
SHA512

d22d14e3ac395547ce94275b6e5a26e41d2b82794704763ef0f5f9a5d62c3beffb1dc1c925a62605440f1d3941c543a961d528ce21df85f99f36f2326315d05e
SSDEEP

12288:flN2/b42jZIPqKf4Bh0zwEc+gZlkRoSFbMp13wx/2EWzq6M2YtUdwP3C3pFmj:fL2ljZI/faui+IlkRBKpwx/2EkRACmj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d4f5bdf31aab9b05633675fe8fbad86_JaffaCakes118

Files

2d4f5bdf31aab9b05633675fe8fbad86_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f94f111a54c1e2c49fa78c703a4f0296

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

UnregisterClassA

gdi32

StretchBlt

winmm

waveOutOpen

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ord17

ws2_32

recv

comdlg32

GetOpenFileNameA

Exports

Exports

D��?��?
_��?��1_?��?��??t
_��?��2_?��?��??t
run

Sections

.text
Size: - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 772KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f94f111a54c1e2c49fa78c703a4f0296

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 459KB

.rdata Size: - Virtual size: 68KB

.data Size: - Virtual size: 121KB

.rsrc Size: 16KB - Virtual size: 30KB

.vmp0 Size: - Virtual size: 63KB

.vmp1 Size: - Virtual size: 457KB

.vmp2 Size: 772KB - Virtual size: 768KB

.reloc Size: 4KB - Virtual size: 160B

.text
Size: - Virtual size: 459KB

.rdata
Size: - Virtual size: 68KB

.data
Size: - Virtual size: 121KB

.rsrc
Size: 16KB - Virtual size: 30KB

.vmp0
Size: - Virtual size: 63KB

.vmp1
Size: - Virtual size: 457KB

.vmp2
Size: 772KB - Virtual size: 768KB

.reloc
Size: 4KB - Virtual size: 160B