3b473d41c8a74d3b9d0d0e7441b40efb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3b473d41c8a74d3b9d0d0e7441b40efb_JaffaCakes118
Size

2.7MB
MD5

3b473d41c8a74d3b9d0d0e7441b40efb
SHA1

0d908471fa2b44982b390f4c619ae6d8ad4328d4
SHA256

b5bde560cdf02a6a491011f0a367776c666398bf9961cc7f43e655309ed46390
SHA512

8b2aeb88b3fa91c03373827318f8938b24ca8b16428ff7147993d0973f819e93fca44dc16f9f2aa558cea0191a89d77bbbd7a97d9aeeee825a0453dd226ce701
SSDEEP

49152:P1la5Xcg50BhEDY2RbmniONFYdFHWUjYUju:P1kig6/QbmtNFmDjLju

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/v2009/data/MFC42.dll	vmprotect
static1/unpack001/v2009/data/RPHOQ.dll	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v2009/IconCreater.exe
unpack001/v2009/data/MFC42.dll
unpack001/v2009/data/RPHOQ.dll

Files

3b473d41c8a74d3b9d0d0e7441b40efb_JaffaCakes118
.rar
v2009/IconCreater.exe
.exe windows:4 windows x86 arch:x86

d88039e15f2835e9959972509b1475c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
CreateFileA
SetFilePointer
SetEndOfFile
SetStdHandle
VirtualAlloc
HeapReAlloc
HeapAlloc
SetConsoleCtrlHandler
RtlUnwind
VirtualFree
HeapFree
LCMapStringA
MultiByteToWideChar
GetCurrentDirectoryA
FlushFileBuffers
CreateProcessA
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetLastError
CloseHandle
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
LCMapStringW

user32

LoadStringA
LoadAcceleratorsA
EndDialog
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
CreateWindowExA
GetDesktopWindow
wsprintfA
MessageBoxA
LoadCursorA
RegisterClassExA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2009/Japanese.gts
v2009/Korean.gts
v2009/data/MFC42.dll
.dll windows:4 windows x86 arch:x86

94fa43739f7c501c69a4771f178b9d59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

closesocket

kernel32

GetProcAddress
GetModuleHandleA
VirtualProtect
SetCurrentDirectoryA
GetCurrentDirectoryA
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
ResumeThread
SuspendThread
LoadLibraryA
GetCommandLineA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
CloseHandle
SetEnvironmentVariableA
OpenThread
TlsAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FindFirstFileA
FindNextFileA
ExitProcess
TerminateProcess
GetCurrentProcess
ExitThread
CreateThread
GetVersionExA
HeapFree
EnterCriticalSection
LeaveCriticalSection
WriteFile
HeapAlloc
DeleteCriticalSection
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
CreateFileA
InitializeCriticalSection
MultiByteToWideChar
GetSystemInfo
ReadFile
GetTimeZoneInformation
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
SetEndOfFile

user32

SetWindowsHookExA
CallNextHookEx
EnumDisplaySettingsA
ChangeDisplaySettingsA
ShowWindow
SetFocus
MessageBoxA
GetForegroundWindow
PostMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA

Exports

Exports

_pRecv
_pRecv1
_pSend

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mydata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2009/data/RPHOQ.dll
.dll windows:4 windows x86 arch:x86

94fa43739f7c501c69a4771f178b9d59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

closesocket

kernel32

GetProcAddress
GetModuleHandleA
VirtualProtect
SetCurrentDirectoryA
GetCurrentDirectoryA
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
ResumeThread
SuspendThread
LoadLibraryA
GetCommandLineA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
CloseHandle
SetEnvironmentVariableA
OpenThread
TlsAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FindFirstFileA
FindNextFileA
ExitProcess
TerminateProcess
GetCurrentProcess
ExitThread
CreateThread
GetVersionExA
HeapFree
EnterCriticalSection
LeaveCriticalSection
WriteFile
HeapAlloc
DeleteCriticalSection
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
CreateFileA
InitializeCriticalSection
MultiByteToWideChar
GetSystemInfo
ReadFile
GetTimeZoneInformation
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
SetEndOfFile

user32

SetWindowsHookExA
CallNextHookEx
EnumDisplaySettingsA
ChangeDisplaySettingsA
ShowWindow
SetFocus
MessageBoxA
GetForegroundWindow
PostMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA

Exports

Exports

_pRecv
_pRecv1
_pSend

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mydata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2009/data/gersangcn.ini
v2009/data/gersangjp.ini
v2009/data/skin
v2009/hq
v2009/巨商自動跑商巨商自動消工外掛.url
.url
v2009/循環跑商腳本/循環跑商腳本1.wol
v2009/循環跑商腳本/循環跑商腳本2.wol
v2009/循環跑商腳本/自動跑商繳本3.wol
v2009/當前地圖戰鬥.wol

Sharing

General

Malware Config

Signatures

Files

d88039e15f2835e9959972509b1475c3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 4KB

94fa43739f7c501c69a4771f178b9d59

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 5.2MB

mydata Size: 4KB - Virtual size: 1KB

.vmp0 Size: 24KB - Virtual size: 23KB

.vmp1 Size: 88KB - Virtual size: 85KB

.reloc Size: 12KB - Virtual size: 9KB

94fa43739f7c501c69a4771f178b9d59

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 5.2MB

mydata Size: 4KB - Virtual size: 1KB

.vmp0 Size: 24KB - Virtual size: 23KB

.vmp1 Size: 88KB - Virtual size: 85KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 5.2MB

mydata
Size: 4KB - Virtual size: 1KB

.vmp0
Size: 24KB - Virtual size: 23KB

.vmp1
Size: 88KB - Virtual size: 85KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 5.2MB

mydata
Size: 4KB - Virtual size: 1KB

.vmp0
Size: 24KB - Virtual size: 23KB

.vmp1
Size: 88KB - Virtual size: 85KB

.reloc
Size: 12KB - Virtual size: 9KB