4296f2ff06ba50877daebcfb6c2a5982_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4296f2ff06ba50877daebcfb6c2a5982_JaffaCakes118
Size

158KB
MD5

4296f2ff06ba50877daebcfb6c2a5982
SHA1

ffffcf3b5dfca517dd3e9158962de53090f6b2eb
SHA256

e4a6f4f9a5a5f5f7d6cd5cde6af4134859c02727025aacc532b497b5f7f9d973
SHA512

e29cd7dc0b782ec0706d716247b2d27a35782dd0a7e4ed3577923d6b35b478201c8a9651de013e03a8c49bdd509f8d0696486c12695e5351760f16afebb6cf37
SSDEEP

3072:4ANFc26vUrarlSkfeDu1kf0v7pBf5T2kQXfPYwpaSrjH7BaSBBH3VVKpFU7Z7:xQD/pSjeM0v7R2kQXffaWBaSr17Z7

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

4296f2ff06ba50877daebcfb6c2a5982_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1025dbe1b1e5b22f8672bce209fd20cc

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:02:30:7e:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2008, 21:57

Not After

10/06/2009, 22:07

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

6b:21:92:47:d5:88:0c:34:c3:1b:11:27:aa:2d:e9:c5:e6:ad:25:c4
Signer

Actual PE Digest

6b:21:92:47:d5:88:0c:34:c3:1b:11:27:aa:2d:e9:c5:e6:ad:25:c4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
StrStrA
StrToIntA

user32

PostThreadMessageA
wsprintfA
MessageBoxA

advapi32

DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService

ole32

CoCreateGuid

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
_exit
__CxxFrameHandler
memcpy
time
srand
rand
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
__getmainargs

kernel32

SetFilePointer
GetModuleFileNameA
DeleteFileA
GetModuleHandleA
GetStartupInfoA
ReadFile
CreateMutexA
GetLastError
GetFileAttributesExA
ReleaseMutex
lstrcpyA
lstrlenA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
WriteFile
GetSystemDirectoryA
lstrcatA
WaitForSingleObject
CloseHandle
GetFileTime
SetFileTime
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 114B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1025dbe1b1e5b22f8672bce209fd20cc

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:02:30:7e:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

6b:21:92:47:d5:88:0c:34:c3:1b:11:27:aa:2d:e9:c5:e6:ad:25:c4Signer

Headers

File Characteristics

Imports

shlwapi

user32

advapi32

ole32

msvcrt

kernel32

Sections

.text Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 4KB

.reloc Size: - Virtual size: 114B

.vmp0 Size: - Virtual size: 13KB

.vmp1 Size: 39KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 124B

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:02:30:7e:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

6b:21:92:47:d5:88:0c:34:c3:1b:11:27:aa:2d:e9:c5:e6:ad:25:c4
Signer

.text
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 4KB

.reloc
Size: - Virtual size: 114B

.vmp0
Size: - Virtual size: 13KB

.vmp1
Size: 39KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 124B