41a49f59ee30d132b4d4745ae5a1a93f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41a49f59ee30d132b4d4745ae5a1a93f_JaffaCakes118
Size

1.6MB
MD5

41a49f59ee30d132b4d4745ae5a1a93f
SHA1

f657b3a9d865f18816c2cfc2a4293310984a3451
SHA256

9bd0f61f8d36616a94690bad929ff9a83a644baa71e2c61a7ba640d8306b41f1
SHA512

f80874e311452035022e8c5715636c5c3755445fc08ffe34dcdab3802b51e99324ddbb0a0dc4a2e3a4bfefa14760d4c840ce4cd07fdbbfb755ac977e5512b137
SSDEEP

49152:4uIEwEwUurD5PjkoEOuNnE+QNeXPVzOGylKbmssE:4uBwdrlgoELNE+RPVVmss

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41a49f59ee30d132b4d4745ae5a1a93f_JaffaCakes118

Files

41a49f59ee30d132b4d4745ae5a1a93f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3872812689f75a22c704be18777c95ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOpen

ws2_32

inet_ntoa

kernel32

GetCurrentProcess
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DrawFrameControl
MessageBoxA

gdi32

StartPage

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

LoadTypeLi

comctl32

ImageList_Destroy

comdlg32

GetOpenFileNameA

Exports

Exports

��d�!?]x�=!K�/G;Iʂ�m�e_U��:#!|��~+�%�*z=3�JHU�ę�d��r��{��A3=�Xn��2 v>��H��߸��$�$~?e��# -��s� �=��ZU:c��(��C_�vF��ѿV��p�S��t��d��bi�tڃ�J��0՜|��8�E�o@e��+4�f��`��a.ic��'d��c�hK��_�/8��<��q�F�>��G3��D��I番��V^�0l�ӡ��ӝ��j��#>��ED��\�4{)��kQ&n�,R��Gt(��Awdw��cDK5H�U��Z�QIK�~��a+ߘO��x n��v�\�Z"�j1|~��-*˿[�y��q��;�u2��Tb�4��W�/�L��n��C��%�;�.��>%O�r��Uk��B>iK�ۻA��PA!��p��-�(DCpBNcU��'Kw��!�?~$�Nͷ��|��+��y��v�z�3d��7�y��UFp�k��)�� d�<h1��H̨u��P��=��^��T��wŊ9bQ;�i�GjAm��UĴ��I�ܳyXٔ��⃔P^��o��(tv��#�`�ϴ��Ƃ:�w��}$�X��V��Dt%��K �y�K��l��ˡX��\�`F�]� A+��Ih:hXZQ��_G�� m6g�z��P4fc�u.�9��s8T2�u mU\P��!�p��$�0��t��m'B��{s8��Vw�e��urK�j��&��z��e��W��F'�67w6�C��M!i��l ��`_�daj��ܨ�Av�gڂǟ�߾B��A��jH�#�C-I5��-�t'��VuF�}�b+��&��;&��o!��sA �25��~��.��8,ce�!aUxpASo�x�M�U��v�/��i��ʽ��F ��"��e�03L ࿸��b{�Y��`k1l@O)M f_Ja��|�ޗ��@(}��n��꺎�@�Rl:&.��1�p|��eoy=��"].�m��J1'��s��R?W&w�%�gk�u��k��)�p�5#T`�D�Fa_�r|G�FO��#�X��N?CY$]�1=��g7��4�$�`�g��j�)8��$��z�&:�� +\��W��=�~5�wͻht��f3��_II��m_��{f��]�w�·v�QK��k.�G�B]x7J��E%��I��߽�v�}Ti79��U؝��7W��x4�+��*��N"��&��)��1��l�_�f-��'?U�j�,��6��6�K94�ͰP2"w��3��5A��%uK5��l�A�=u�?��8x��4C:+�X��[S{4�� ~t�R>4m�*��Qz��p��S\P# ��L�� j%�!�M��&�_�֏�)(>�}��3"q��)�Br�_G =0��t�~��9�'��f,��!em}�ү��J��9!Z P��*�ɂ#��[i��PtYs,��9�(��S�� 6��A�(��&��=��}O��i�~�?��C��z/+��E�ZQ�%�J��6��.�iڭ�`S~Z-�RK� �4H4�Wlh�=��Ւ42�c2]<$M'uT+2q�9Z�j��YH4\��E�0��H��l��> r�H��r弱"��N�j��aW��|ݎ�m'Is��d�8��S��-��z��_��ù�w�{=%xڲxk�q�+2,�qQ簕�g��O�� ^�N�%�@��E0[ !��! u)�C�A{��l5"?�.뉢�!�瞤�7�� -� �� RXU�wU��k��˄�<�Y�K�&+�� D�ΐ��PľmAs�+o��Jn��i#U`��_��!g��>R�W��]A��k�Q�+e.��yɶ�~� �d��'}�g��@�2ř��~d{M�ӻ�/n~�x�E��d�+,��Q��D��<o�u�O�(a��b �R:��*��U��9��%Ǘ�~JVl ��C��i��qҳ� n�(�I��1!�DՈK�UDuG�4F�"G�V#w�)�j��. ��L=��k[�&M9��a3��*�Y*0a��`�� 6��p �m �s��&r��3l��:Z,-�4*�{_؇!y%~�~SHh��ւ�/�lm�z��>��S ��|��{�5;�ea�E8`8�h��o�X��l�j+hX��d��_�a%QRYH�u]ؠv[kӈ(��Wu4��Vh"V:��sj�I�n�ҫ1`��{G�Ms��AL��G��8�� :�P��ET��Z�� ;�J��{�J��\��̾5*7lp��W}�x�Ѳ��A�~Ug��h�O�ӎ"hW��5N42}�1��wl��"/��ñ��`��IpP ��y�mM�3�7��.<�TNl��+��0=��ŕ��d�^��T��T�5[��D$��x�Ϯ�� D�6��YF!SE�f�� o��Ʈ�. �ɦ��Ch5nK��Ƴ5$3��:|ϷTn�r*�L8�<,�&��2��ڟ�C��"�P.��)ϋ� 뚌eq��>��(?C4��=��q�H��+_�xCE��q�k/��G>�"6[k�}�>��xGR�4B=�$�'�\^%��i��I�`N�Ba�e��>]��c�1~�7)9��-��x�;�Ҝ��_�8�v�[K��́.ڵA[��ϭ(WN��H-��M�$�pm�K��(��Z� �ju]�e��t��C?��i\��R�M��cO��A� �S��6��*�� z��M��P�� ax�n�V��[�DP�˳�i��]!��wew�s��/F�

Sections

.text
Size: - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 919KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3872812689f75a22c704be18777c95ca

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 453KB

.rdata Size: - Virtual size: 919KB

.data Size: - Virtual size: 219KB

.rsrc Size: 36KB - Virtual size: 49KB

.vmp0 Size: - Virtual size: 397KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.text
Size: - Virtual size: 453KB

.rdata
Size: - Virtual size: 919KB

.data
Size: - Virtual size: 219KB

.rsrc
Size: 36KB - Virtual size: 49KB

.vmp0
Size: - Virtual size: 397KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.6MB - Virtual size: 1.6MB