3a1560d42716e13e2dc160d2a0839dbf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a1560d42716e13e2dc160d2a0839dbf_JaffaCakes118
Size

2.9MB
MD5

3a1560d42716e13e2dc160d2a0839dbf
SHA1

cf1d79e08244948e8982b0bda220eefd7919996e
SHA256

770bef7d9f147743fa8b13eccdc814ad4a3ae742ccd599cbc2932169dc32462e
SHA512

d667fcf15b87f000679de9d5ce86bf58af5e220869a70b6e2be8904cd370084601fd8cb2430bf8cf13956125e3c76d1c94bcd7b480b3d179fcf71f68eb19053d
SSDEEP

49152:Y5y/yKPKAzsbxGGf2IWnK2sUHMOBYqwR5NeP889esN:Yoq64V12g5gwq88wu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a1560d42716e13e2dc160d2a0839dbf_JaffaCakes118

Files

3a1560d42716e13e2dc160d2a0839dbf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f9fcc7f2e2447e09d52e55dbd619f914

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapValidate
Process32Next
GetProfileStringA
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
WriteFile
SetFilePointer
CreateFileA
GetSystemDirectoryA
Sleep
CreateProcessA
CopyFileA
GetCurrentDirectoryA
lstrlenA
ExitProcess
GetTickCount
DeleteFileA
lstrcpynA
FreeResource
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
GetLastError
GlobalLock
GetProcAddress
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
FreeLibrary
LoadLibraryA
SetThreadPriority
GetThreadPriority
ResumeThread
SuspendThread
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
GetModuleFileNameA
FindClose
SetLastError
FindFirstFileA
FindNextFileA
GetThreadLocale
GetCurrentThread
lstrcmpA
GlobalAlloc
WaitForSingleObject
SetEvent
CreateEventA
MulDiv
DuplicateHandle
GetCurrentProcess
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetShortPathNameA
GlobalFlags
GetPrivateProfileIntA
IsBadStringPtrW
IsBadStringPtrA
IsBadWritePtr
IsBadReadPtr
SizeofResource
GetProcessVersion
GetCPInfo
GetOEMCP
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualProtect
GetProfileIntA
OutputDebugStringA
lstrlenW
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
SetErrorMode
FindResourceExA
GlobalSize
GetTempFileNameA
GetDiskFreeSpaceA
lstrcpyW
RtlUnwind
CloseHandle
GetStartupInfoA
GetCommandLineA
RaiseException
DebugBreak
GetStdHandle
CreateThread
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
FatalAppExitA
HeapAlloc
HeapReAlloc
HeapFree
VirtualFree
VirtualAlloc
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetConsoleCtrlHandler
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoW

user32

RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
EnableWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetSystemMetrics
wsprintfA
FindWindowA
ShowWindow
SetFocus
GetFocus
DispatchMessageA
PeekMessageA
GetSysColor
MapWindowPoints
GetClientRect
SendDlgItemMessageA
LoadIconA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsClipboardFormatAvailable
InSendMessage
DestroyIcon
RegisterClipboardFormatA
MessageBeep
GetWindowThreadProcessId
WaitMessage
CopyAcceleratorTableA
ReuseDDElParam
TranslateAcceleratorA
LoadAcceleratorsA
LoadStringA
DestroyCursor
SetCursorPos
ReleaseCapture
GetAsyncKeyState
DestroyMenu
UnpackDDElParam
GetClipboardFormatNameA
GetDialogBaseUnits
CharUpperA
CheckMenuRadioItem
GetMenuContextHelpId
SetMenuContextHelpId
LoadMenuIndirectA
LoadMenuA
RemoveMenu
ModifyMenuA
InsertMenuA
GetSubMenu
GetMenuItemInfoA
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
AppendMenuA
DeleteMenu
IsMenu
CreatePopupMenu
CreateMenu
SetWindowPos
GrayStringA
GetTabbedTextExtentA
DrawTextA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
FillRect
ExcludeUpdateRgn
WindowFromDC
CallWindowProcA
SubtractRect
UnionRect
InflateRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
GetMessageA
TranslateMessage
GetCursorPos
SetCursor
PostQuitMessage
CharNextA
wvsprintfA
OemToCharA
CharToOemA
TabbedTextOutA
GetMenuCheckMarkDimensions
LoadBitmapA
SetMenuItemBitmaps
OpenIcon
CloseWindow
LoadCursorA
PostThreadMessageA
MapDialogRect
GetWindowContextHelpId
SetWindowContextHelpId
SendNotifyMessageA
GetForegroundWindow
SetForegroundWindow
ShowCaret
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
ScrollWindowEx
UnregisterClassA
DefDlgProcA
IsWindowUnicode
IsDialogMessageA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
FlashWindow
WindowFromPoint
SetParent
GetLastActivePopup
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
GetDesktopWindow
SetCapture
SetWindowLongA
GetMessagePos
GetMessageTime
DefWindowProcA
ScrollDC
RemovePropA
KillTimer
SetTimer
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
ValidateRect
InvalidateRgn
InvalidateRect
GetUpdateRgn
GetUpdateRect
UpdateWindow
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
ClientToScreen
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
GetSystemMenu
DrawMenuBar
SetMenu
GetMenu
PostMessageA
MoveWindow
SetWindowTextA
GetDlgCtrlID
GetClassNameA
SendMessageA
GetKeyState
GetWindowTextA
GetWindowTextLengthA
SetWindowPlacement
TrackPopupMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetWindow
GetParent
IsChild
MessageBoxA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
DeferWindowPos
EqualRect
ScreenToClient
GetSysColorBrush
AdjustWindowRectEx
IsDlgButtonChecked

gdi32

GetObjectA
GetTextExtentPointA
DeleteMetaFile
CopyMetaFileA
EnumFontFamiliesExA
StretchDIBits
PlayMetaFile
EnumMetaFile
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
GetClipRgn
DeleteObject
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
RestoreDC
SaveDC
DeleteDC
PlayEnhMetaFile
GdiComment
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
GetPath
GetMiterLimit
FlattenPath
FillPath
EndPath
CloseFigure
BeginPath
AbortPath
GetCharWidthFloatA
GetCharABCWidthsFloatA
ExtEscape
DrawEscape
PolyBezier
GetCurrentObject
GetColorAdjustment
PolyPolyline
GetArcDirection
AngleArc
SetPixelV
PlgBlt
MaskBlt
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
GetGlyphOutlineA
GetKerningPairsA
GetFontData
GetCharABCWidthsA
GetOutlineTextMetricsA
ResetDCA
GetBoundsRect
SetBoundsRect
Escape
GetAspectRatioFilterEx
GetCharWidthA
GetTextCharacterExtra
GetTextMetricsA
GetTextFaceA
GetTextAlign
GetTextExtentPoint32A
TextOutA
ExtFloodFill
FloodFill
SetPixel
GetPixel
StretchBlt
BitBlt
PatBlt
RoundRect
Rectangle
PolyPolygon
Polygon
Pie
Ellipse
Chord
Polyline
Arc
GetCurrentPositionEx
RectVisible
PtVisible
PaintRgn
InvertRgn
FrameRgn
FillRgn
LPtoDP
DPtoLP
GetWindowExtEx
GetWindowOrgEx
GetViewportExtEx
GetViewportOrgEx
GetMapMode
GetTextColor
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetBkColor
UpdateColors
RealizePalette
GetNearestColor
SelectObject
EnumObjects
SetBrushOrgEx
GetBrushOrgEx
GetDeviceCaps
CreateCompatibleDC
CreateICA
CreateDCA
RectInRegion
PtInRegion
GetRgnBox
OffsetRgn
EqualRgn
CombineRgn
SetRectRgn
GetRegionData
ExtCreateRegion
PathToRegion
CreateRoundRectRgn
CreatePolyPolygonRgn
CreatePolygonRgn
CreateEllipticRgnIndirect
CreateEllipticRgn
CreateRectRgnIndirect
CreateRectRgn
ResizePalette
GetNearestPaletteIndex
AnimatePalette
SetPaletteEntries
GetPaletteEntries
CreateHalftonePalette
CreatePalette
CreateDiscardableBitmap
CreateCompatibleBitmap
GetBitmapDimensionEx
SetBitmapDimensionEx
GetBitmapBits
SetBitmapBits
CreateBitmapIndirect
CreateFontA
CreateFontIndirectA
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBrushIndirect
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePenIndirect
CreatePen
GetObjectType
UnrealizeObject
GetStockObject
ExtTextOutA
CloseEnhMetaFile
CreateEnhMetaFileA
CloseMetaFile
CreateMetaFileA
CreateBitmap
CreateDIBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx

comdlg32

PrintDlgA
PageSetupDlgA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
CommDlgExtendedError

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueA
RegEnumKeyA
RegCreateKeyA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegOpenKeyA

shell32

DragQueryFileA
DragFinish
SHGetFileInfoA
DragAcceptFiles
ExtractIconA

comctl32

ImageList_GetImageInfo
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_BeginDrag
ImageList_Add
ImageList_GetImageCount
ord14
ImageList_Write
ImageList_Read
ImageList_Merge
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord13
ord17
ImageList_EndDrag
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_DragShowNolock
ImageList_GetDragImage
ImageList_DragEnter
ImageList_DragLeave
ord8
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_AddMasked

oledlg

ord3
ord7
ord6
ord5
ord9
ord4
ord8

ole32

OleQueryCreateFromData
OleQueryLinkFromData
OleGetClipboard
OleSetMenuDescriptor
DoDragDrop
OleRegEnumVerbs
OleRegGetMiscStatus
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateOleAdviseHolder
CreateDataAdviseHolder
OleTranslateAccelerator
IsAccelerator
GetRunningObjectTable
CoLockObjectExternal
OleInitialize
ReleaseStgMedium
CoTreatAsClass
GetClassFile
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
OleIsRunning
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateInstance
OleRun
CLSIDFromString
CLSIDFromProgID
OleSaveToStream
WriteClassStm
OleGetIconOfClass
GetHGlobalFromILockBytes
StgIsStorageILockBytes
CreateFileMoniker
CreateGenericComposite
CreateItemMoniker
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
OleCreateLinkFromData
OleSave
OleCreate
OleLoad
OleFlushClipboard
OleSetClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleCreateFromData
OleSetContainedObject
OleLockRunning
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoGetMalloc
WriteClassStg
CreateStreamOnHGlobal
CoRegisterClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
StringFromCLSID
OleUninitialize

olepro32

ord253

oleaut32

SafeArrayCreate
SysFreeString
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
VariantTimeToSystemTime
VariantCopy
SysReAllocStringLen
DosDateTimeToVariantTime
SafeArrayGetDim
SafeArrayGetElemsize
SysStringLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
LoadTypeLi

ws2_32

connect
send
gethostbyname
htons
socket
closesocket
recv
WSAStartup

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetGetConnectedState
InternetOpenUrlA

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9fcc7f2e2447e09d52e55dbd619f914

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

ws2_32

wininet

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 84KB - Virtual size: 101KB

.idata Size: 24KB - Virtual size: 23KB

.vmp1 Size: 24KB - Virtual size: 21KB

.vmp0 Size: 80KB - Virtual size: 76KB

.vmp2 Size: 812KB - Virtual size: 811KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 84KB - Virtual size: 101KB

.idata
Size: 24KB - Virtual size: 23KB

.vmp1
Size: 24KB - Virtual size: 21KB

.vmp0
Size: 80KB - Virtual size: 76KB

.vmp2
Size: 812KB - Virtual size: 811KB

.rsrc
Size: 20KB - Virtual size: 17KB