39a1f60a4b9dd30e53076ea44075df4f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39a1f60a4b9dd30e53076ea44075df4f_JaffaCakes118
Size

1.7MB
MD5

39a1f60a4b9dd30e53076ea44075df4f
SHA1

94203fc4e983a2c65fd717435b6ee5127685478a
SHA256

adfbbfb2ad5eba83d6d3bb9fd501a9c8274d8536a61ac0c0eae1cfd19eb71060
SHA512

1c9924df03ec0e6f17d06a986b8f45c42374ac833869cd66ff082020ffb207cce7d384603c5a38bebcfa1800e75a6584c88c3306e856a0f08a3eb31124f7ae40
SSDEEP

24576:jpd3NZh8uu1y0rxKrmeV2aEDD26+qTyAFXgx75Nad103sCG/FGhYDOaQ7I9:tRh8uBhmeVqabQC5rG9ZQ7I

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39a1f60a4b9dd30e53076ea44075df4f_JaffaCakes118

Files

39a1f60a4b9dd30e53076ea44075df4f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf9ca2b4ddc6ac9ca136902d3f07af82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutWrite

ws2_32

closesocket

kernel32

TerminateProcess
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

DrawEdge

gdi32

CreateRectRgnIndirect

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

VariantTimeToSystemTime

comctl32

ord17

oledlg

ord8

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf9ca2b4ddc6ac9ca136902d3f07af82

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

comdlg32

Sections

.text Size: - Virtual size: 485KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 259KB

.rsrc Size: 104KB - Virtual size: 117KB

.vmp0 Size: - Virtual size: 373KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.text
Size: - Virtual size: 485KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 259KB

.rsrc
Size: 104KB - Virtual size: 117KB

.vmp0
Size: - Virtual size: 373KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.6MB - Virtual size: 1.6MB