42ed099f1d89a4636e6d1cc8df331214_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42ed099f1d89a4636e6d1cc8df331214_JaffaCakes118
Size

72KB
MD5

42ed099f1d89a4636e6d1cc8df331214
SHA1

9e164b04666359cfd366c8f7983a5b69ecb75d91
SHA256

c4938d56ca7756b072d231bb3b96707ecbd5ba1e4bfcfe137d8461081abe3c97
SHA512

e015e72d2a9151a2e9dd60303a267d3bda31a08f208a5532f56bc31738be38a498455a9f7ae6b77ba14b36cae02fdad19ad7079223de26df993be0358bfe6889
SSDEEP

1536:pb6vUxZYBizivwWYhM2zL+/BcyJhLdEp98zoxdVGCapd85uxf6O+:pb6vUaizHJ+c+/CyTWgzoxnHapd85ulO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42ed099f1d89a4636e6d1cc8df331214_JaffaCakes118

Files

42ed099f1d89a4636e6d1cc8df331214_JaffaCakes118
.dll windows:4 windows x86 arch:x86

303733840216a1080269c0e092abe527

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
HeapFree
HeapAlloc
DisconnectNamedPipe
TerminateProcess
TerminateThread
CreateThread
ReadFile
PeekNamedPipe
ExitThread
WriteFile
CreatePipe
DeleteCriticalSection
GetEnvironmentVariableA
CloseHandle
GetCurrentProcess
GetStartupInfoA
FreeLibrary
GetLastError
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
OutputDebugStringA
MultiByteToWideChar
GetVersionExA
LoadLibraryA
GetProcAddress
WaitForMultipleObjects
GetTickCount
Sleep
CreateEventA
SetEvent
WaitForSingleObject
ResetEvent
GetModuleFileNameA
DuplicateHandle
InitializeCriticalSection
OpenProcess
lstrlenA
CreateProcessA
lstrcpynA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
ExitProcess

advapi32

GetTokenInformation
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA
CreateProcessAsUserA
SetServiceStatus
RegisterServiceCtrlHandlerA
LookupAccountSidA

msvcrt

srand
time
_wcsnicmp
_ftol
sprintf
strncmp
??1type_info@@UAE@XZ
strcpy
memcpy
memset
_EH_prolog
strlen
__dllonexit
fseek
fopen
fread
realloc
strcat
_except_handler3
_strnicmp
_adjust_fdiv
_initterm
_onexit
rand
fclose
atof
sscanf
_endthreadex
atoi
strncpy
wcstombs
_beginthreadex
free
_CxxThrowException
memmove
malloc
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z

ws2_32

WSACloseEvent
send
WSAGetLastError
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
ioctlsocket
recv
WSAStartup
WSASocketA
inet_addr
gethostbyname
inet_ntoa
htons
connect
WSAEventSelect
WSACreateEvent
shutdown
closesocket
WSACleanup
gethostname

msvcp60

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?clear@ios_base@std@@QAEXH_N@Z
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0locale@std@@QAE@XZ
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??_7?$basic_fstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Fpz@std@@3_JB
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
??1locale@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

crypt32

CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain

user32

MessageBoxA

Exports

Exports

ServiceMain

Sections

.text
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

303733840216a1080269c0e092abe527

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

msvcp60

crypt32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 18KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 13KB

.vmp0 Size: - Virtual size: 3KB

.vmp1 Size: - Virtual size: 21KB

.vmp2 Size: 64KB - Virtual size: 61KB

.reloc Size: 4KB - Virtual size: 100B

.text
Size: - Virtual size: 18KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 13KB

.vmp0
Size: - Virtual size: 3KB

.vmp1
Size: - Virtual size: 21KB

.vmp2
Size: 64KB - Virtual size: 61KB

.reloc
Size: 4KB - Virtual size: 100B