3df02300e9ae0ad68b820e8a5e079de0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3df02300e9ae0ad68b820e8a5e079de0_JaffaCakes118
Size

1.5MB
MD5

3df02300e9ae0ad68b820e8a5e079de0
SHA1

9da2d684c22c327eb89aa772548c0341f176f27f
SHA256

a9b2d85ba3e08f87f320e3208e44d8081b3815fa0cfc65f94ce1f6233505e21d
SHA512

e88c0e5eb03ee530295cc627cb05695c9e113468bce03977c7db321ba710f83a34babc8d3d56bf70e6ae3c865c079e459ec4e307047b41a50d1964760ce5b260
SSDEEP

49152:SFpGIvKmBd7UI0yU6mw8eQK/cUU257bc0yuE9+fQgWBzN:OpG96wUzERfibWD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3df02300e9ae0ad68b820e8a5e079de0_JaffaCakes118

Files

3df02300e9ae0ad68b820e8a5e079de0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c1615d3836a7cf42721703d518ee8ce9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

recvfrom

version

VerLanguageNameA

kernel32

GetVersionExA
GetVersion
CreateEventW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowLongA

gdi32

SetPolyFillMode

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

StgOpenStorageOnILockBytes

oleaut32

SysAllocStringLen

comctl32

ImageList_GetImageInfo

oledlg

ord8

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1615d3836a7cf42721703d518ee8ce9

Headers

File Characteristics

Imports

winmm

ws2_32

version

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

comdlg32

Sections

.text Size: - Virtual size: 837KB

.rdata Size: - Virtual size: 126KB

.data Size: - Virtual size: 252KB

.vmp0 Size: - Virtual size: 1.0MB

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: - Virtual size: 837KB

.rdata
Size: - Virtual size: 126KB

.data
Size: - Virtual size: 252KB

.vmp0
Size: - Virtual size: 1.0MB

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 8KB - Virtual size: 5KB