44c627c6ed89262d0e6a1d3d93e55755_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44c627c6ed89262d0e6a1d3d93e55755_JaffaCakes118
Size

304KB
MD5

44c627c6ed89262d0e6a1d3d93e55755
SHA1

8132871769433f2dea16b9a2e46e5390be7f78d4
SHA256

797949a45e724f6cf6b0c40b52e783ee91711da7ef429515cfbdd5c279b0fc12
SHA512

bfafc8f20672f3d45428d5beec5b9d5e2560c7aa35545f30cb8cd391b385c09a87c8de07cb10d4763b2d570317a5c8ab16bd9e2475d32e77c88eb6029ebca615
SSDEEP

6144:1ncTQtnnEfPhA8acP2Lo/y6v1XrK+2chRw8VO:RcE5Efsc+LoztXm+z/

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c627c6ed89262d0e6a1d3d93e55755_JaffaCakes118

Files

44c627c6ed89262d0e6a1d3d93e55755_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c78ffd8fc0321804be9f85f66053605

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetFileType
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
HeapSize
HeapReAlloc
GetACP
SetStdHandle
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
FileTimeToLocalFileTime
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
SetErrorMode
SizeofResource
GetProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GetFileTime
GetFileSize
GetFileAttributesA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FindNextFileA
GetThreadLocale
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GlobalFree
GlobalAlloc
lstrcmpA
GetCurrentThread
GlobalLock
GlobalUnlock
MulDiv
FindResourceA
LoadResource
LockResource
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetModuleFileNameA
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
FormatMessageA
LocalFree
WideCharToMultiByte
SetLastError
FindFirstFileA
FindClose
GetTickCount
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentDirectoryA
CreateDirectoryA
WritePrivateProfileStringA
DeleteFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
ReadProcessMemory
WriteProcessMemory
CloseHandle
GetProcAddress
CreateFileMappingA
MapViewOfFile
CreateMutexA
GetLastError
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
ExitProcess
GetEnvironmentStringsW
Sleep
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatA
PostThreadMessageA
CopyRect
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
GetNextDlgGroupItem
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
DestroyMenu
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetDesktopWindow
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
WaitMessage
PeekMessageA
DispatchMessageA
PostMessageA
LoadIconA
FindWindowA
KillTimer
SetTimer
IsIconic
MessageBoxA
MessageBeep
ReleaseCapture
UnregisterClassA
GetMenuState
HideCaret
ShowCaret
ExcludeUpdateRgn
GetSystemMenu
AppendMenuA
DrawIcon
wsprintfA
GetWindowThreadProcessId
GetSystemMetrics
EnableWindow
GetParent
SetCapture
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
SetRect
CopyAcceleratorTableA
CharNextA
OffsetRect
GetSysColorBrush
GetClientRect
GetWindowRect
SendMessageA
InflateRect
PtInRect
LoadCursorA
CopyIcon
GetSysColor
IsWindow
SetWindowLongA
DrawFocusRect
DefDlgProcA
IsWindowUnicode
SetCursor
CharUpperA
LoadStringA
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
ShowOwnedPopups
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetCursorPos
WindowFromPoint
GetMenuCheckMarkDimensions
LoadBitmapA
ScreenToClient
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
UpdateWindow
GetClassNameA
MapWindowPoints
GetFocus
SetActiveWindow
MoveWindow
AdjustWindowRectEx
MessageBoxA

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SetViewportExtEx
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

ord17
ImageList_Destroy

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes

olepro32

ord253

oleaut32

VariantCopy
VariantClear
SysAllocStringLen
SysFreeString
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantTimeToSystemTime

wsock32

connect
sendto
recvfrom
socket
inet_ntoa
WSAAsyncSelect
send
recv
closesocket
htonl
htons
bind
ioctlsocket
accept
WSAGetLastError
WSASetLastError
WSAStartup
gethostbyname
inet_addr
WSACleanup

Exports

Exports

��C&��W()2i�XR�;<7]$J�\!̝�&=��l�S�Ab§^�S�� m�� Xo!e��Kra�1A��K��?��b�G��V� D��O� p��P��g�ݧ�=�PH l��:�/@��E"��>$s+79�S��?��Hm�]?Թl�"Ib�ֹ5.�hM/%ħl:��x�浊��9g'�v�� +�V��Q�D�&�ͻ7�^�=QC.�|�9vR ��J��nM��iV(!��b�'劺�|��܉��:�P� ��J��[p�r��5�P`��CK��A L�� B��&�8��w[}��ZVd��`}�~m�f�k��:�j��"��K�vSc�`E��5~�Jf8��qR��#0fRP^�)�y�S|�*@Nm\!~6��C��.��!<��i��tN�� g>1�jvZ�f�z�V��vO}�B?�C4��*�$O�͖��K��Xxm��pޯ�|�t��&V@��ۗksl�(�]�յ�<aW� F�H�Ց��S�/F�m|�ex��m�.j�B�6^ h�.̈P�_��ms#p7ˁ��\&�v�:"��l-�3ʥ|�z�pT�Ӧ�w��yN5�b�@��H��=�Љi��zp�gd$�[�$��D��=��4�}��W�� B�� WI�P�k�_{�N2�C,��0K��b��Ι��]��EF�!��l��Ƒ�g䄹�Ȱ�@�"ds��]�N@yW��%��0�tԜ��ǁ�m�;��O#��N�-�[n�Ӈ�p�h=��i��8��{U={�H_u��M�A�ſ2��dI�8��r�C�jR*HJ#�Ο-�� *�:�Z^&��ھl�<y[ �(̅��Y� Q�җN��B�v� ��e�Ǻ��^�sK�L��v��QWc\�m1�p̳ �@��e�U�� !��ߙ6�k��A�y}|L�Ir��} tA�\�"��1�6�%Y{0�D�L��('W:�T%�`T��9��8��`R�C$�TU��!:��f� ��P(��!d�ˉb��?+R�x��M.��`��ps��|x]��4��'� ��"C�dm�{�!Ə�:��~۔t_��'3�m�pd?f��B�e��D)��Mawc��)��#g��iL� �g��F�B��'��<Qd��ȗZz��*�h�u�$H��<gQ9M��4�O��l�z��ԝ,�Z*c�Hʛ|5.�Ǝ�Y�T��R�X��jK��`t�x׏�MEH]V6K�"�W-@�6��ΆR �i��Y�M��O[d �� (eru؛��K.�X�:B��\%p�C�؄ٳ�b��<kh"��-��l��]��1��B��@a]�?� ��"�^'߲��|Z�e�Zm��[��;^�$�?��4rWk��%��߲P�g��!�t�� M��!��A�@̀_(9'��d[8tG�� +�e�d;�`_J`Dl�[�1��^'��E�k;�h��#��-�OM>�{l6�-h�8�K�,"*�|\Ca�h2"�Z��0��|>�2P��Ҟ��U��I$i��N��ס�^HnbTp`@�/�Ϣ��x[7_��x��7i�I�G5��~Q��h�ӽ��X��('�O�yP�\b��.��>^B��[�)�tRy7 z�%2GaT6Å��,��M_8�ɵ^�q�`;K�B�H��:EI�괙U�nH{ҢU8�j��JL� g�͟_��e�HS#��K�B�*�)ݎ��n��*=��hJ�d{��>��#�2�)�a$��2�2�,�gՇL�f՚��뷐�+�[�l��q�Z?tQ�m��N}a\��e�:荁D�m��`ͷ��~#3*��c [�"�$Ղ��Xv�\*8�A�u��?v�T�((b��Mu� ��+�f�ُW|s��nᠢ$��o��`0�K�N�� s��D�M�Er��A��AT�p�i|�[c��=_�C:[,�t��t��l�Ǵ�b�:|ZRi�:��"O��a ��쉱<��J�$2��03�M�Đ�M�!�ͯ��$B4A�'U��"�X��l��9�p�Y��0��59��7�axS��@�ۇ(<��"��0¿�nO8.Ü�,��a��g��1!��9�5��a�x�� +�� ¾#� Â4D��ރ�mOJ򐃶3��h��̎K'K��؁�� Q�v��9'b��$�'1e��m��Z"�?e�&˓��]E��-R�h��n�2�-/��D�5Z��n50^��R��l�?�_B�J��_��ڮ�� `7q�&UJ��0M_��z>M�1q��,��R�]7��r��1!��4��~U�A��i��p�B�LA�HT" ��<9u;T��:��j'��K$b�Ic}��"�oO��B��.�*��9Õ�&1%�K��wC��Q�B�w�qR]{��םш��#~��\��k��Y0��1��,ک��FgR��7� ��Dz�Inkd?o�f'��}��>zF�!�^��<O��^��Pm n�1�B'��?��~b� ��H��F��'��D��)=j��aG�D�Z�jZW�R��,�p�3m��=t��x�mB��Mw�ryŀ61K#˝��o��3vCL��C�3�g�� p��uٵ�L��1�a+��j�8{��©i��K �#�jx��f��E��q9 ��Yz$Ȁ��>�P�;��̬��?��8�3��/��\�ٸpc�~��A�Fyg��ЮY t��ѐnDE7�th�+/V��7�%D��}�~� �� :��xF�(�s!#��0��4$�=m�

Sections

.text
Size: - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c78ffd8fc0321804be9f85f66053605

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

Exports

Exports

Sections

.text Size: - Virtual size: 206KB

.rdata Size: - Virtual size: 48KB

.data Size: - Virtual size: 48KB

.rsrc Size: 8KB - Virtual size: 10KB

.vmp0 Size: - Virtual size: 124KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 284KB - Virtual size: 283KB

.reloc Size: 4KB - Virtual size: 116B

.text
Size: - Virtual size: 206KB

.rdata
Size: - Virtual size: 48KB

.data
Size: - Virtual size: 48KB

.rsrc
Size: 8KB - Virtual size: 10KB

.vmp0
Size: - Virtual size: 124KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 284KB - Virtual size: 283KB

.reloc
Size: 4KB - Virtual size: 116B