37bfc601d4d981703800dba3cfe57e4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37bfc601d4d981703800dba3cfe57e4c_JaffaCakes118
Size

693KB
MD5

37bfc601d4d981703800dba3cfe57e4c
SHA1

9468d2e6b9a9a825cc104091a3179c07c5dae32e
SHA256

87cced32bfda0eca08f9c212dec491baa24efeb2723ae777adac71a90a29ee6b
SHA512

58d779ec0740d87bbb42a82a2ac0ebf2be8c3b1f519a0057e4ee488477875154a3c787a23870ffe8581d53afe28786ffb16a3839f5af07a99a03e9bf4be247d5
SSDEEP

12288:bFUP/4p7NvE3UHXfeFJ9PB32xQrtbbAILXqu16JBOv+jJbCE7ouJVUlZutn:BUPE5E3swjRrEILXqpOyGEbVUlwx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/9ReyeS-Loadder.dll	vmprotect
static1/unpack001/Auto Rank D-S 9Reyes Team.dll	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9ReyeS-Loadder.dll
unpack001/Auto Rank D-S 9Reyes Team.dll

Files

37bfc601d4d981703800dba3cfe57e4c_JaffaCakes118
.rar
9ReyeS-Loadder.dll
.dll windows:4 windows x86 arch:x86

82f4d28786ceec6d5dd1606c8f960fd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

WaitMessage

advapi32

RegOpenKeyExA

oleaut32

GetErrorInfo

version

GetFileVersionInfoA

gdi32

SetWinMetaFileBits

ole32

CoCreateInstance

comctl32

ImageList_GetDragImage

Sections

CODE
Size: - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Auto Rank D-S 9Reyes Team.dll
.dll windows:4 windows x86 arch:x86

5b1f6dbfca54c3937878153fc6c4994a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SendMessageA

kernel32

LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comctl32

InitCommonControls

shell32

ShellExecuteA

Sections

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 710B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 942B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82f4d28786ceec6d5dd1606c8f960fd9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

Sections

CODE Size: - Virtual size: 442KB

DATA Size: - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: - Virtual size: 8KB

.vmp0 Size: - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 23KB

.vmp1 Size: - Virtual size: 225KB

.vmp2 Size: 550KB - Virtual size: 549KB

.reloc Size: 512B - Virtual size: 192B

5b1f6dbfca54c3937878153fc6c4994a

Headers

File Characteristics

Imports

user32

kernel32

comctl32

shell32

Sections

.text Size: - Virtual size: 1KB

.rdata Size: - Virtual size: 710B

.data Size: - Virtual size: 764B

.rsrc Size: 67KB - Virtual size: 272KB

.vmp0 Size: - Virtual size: 942B

.vmp1 Size: - Virtual size: 18KB

.vmp2 Size: 128KB - Virtual size: 128KB

.reloc Size: 512B - Virtual size: 156B

CODE
Size: - Virtual size: 442KB

DATA
Size: - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: - Virtual size: 8KB

.vmp0
Size: - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 23KB

.vmp1
Size: - Virtual size: 225KB

.vmp2
Size: 550KB - Virtual size: 549KB

.reloc
Size: 512B - Virtual size: 192B

.text
Size: - Virtual size: 1KB

.rdata
Size: - Virtual size: 710B

.data
Size: - Virtual size: 764B

.rsrc
Size: 67KB - Virtual size: 272KB

.vmp0
Size: - Virtual size: 942B

.vmp1
Size: - Virtual size: 18KB

.vmp2
Size: 128KB - Virtual size: 128KB

.reloc
Size: 512B - Virtual size: 156B