437e2665b758c7465be53f76ebfbccda_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

437e2665b758c7465be53f76ebfbccda_JaffaCakes118
Size

417KB
MD5

437e2665b758c7465be53f76ebfbccda
SHA1

8f15199948bb9ab95e44c42421420dcac39fdec6
SHA256

5020b5ed750e07770d07ce93e9cc9acd0d3806c6ab83ed89d35ef7258ed86ef5
SHA512

5a219fb4555ca70ddd5a5ccb599851a5016e2c71e3a79037e101648396da0c4630fe52ae0c8a5a5cca876a8b1834443de1e1fbcb23756717640f63aa6d25eddf
SSDEEP

6144:TcpZfmBlHfIHAHUYAZqG/cCJwn1nFTffPRwQeeaQee0QeesQeeKBQeehQeeDLJUH:oZfmBlHggHUYAAgccwnmvn3Hu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
437e2665b758c7465be53f76ebfbccda_JaffaCakes118

Files

437e2665b758c7465be53f76ebfbccda_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c07e22f51a8314e81fe1e7c51663054d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetModuleHandleA
DisableThreadLibraryCalls
Sleep
GetProcAddress
CreateThread
HeapFree
GetProcessHeap
HeapAlloc
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
LoadLibraryA
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
GetSystemInfo
IsProcessorFeaturePresent

user32

ShowWindow
CreateWindowExA
MessageBoxA
GetAsyncKeyState
DestroyWindow

msvcr90

memset
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_vsnprintf
??_V@YAXPAX@Z
malloc
free
??_U@YAPAXI@Z
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z
_CIpow
_ftol
strncpy
longjmp
_setjmp3
isdigit
isspace
sscanf
memcpy
ldexp
_strdup
setlocale
floor
_CIacos
_finite
iswpunct
iswdigit
iswalpha
iswspace
__CxxFrameHandler
exit
sprintf
fread
fseek
fwrite
fclose
tmpfile

d3d9

Direct3DCreate9

gdi32

GetGlyphOutlineA
SelectObject
GetTextMetricsA
GetObjectA
DeleteDC
CreateDIBSection
GetObjectW
ExtTextOutW
MoveToEx
ExtTextOutA
CreateCompatibleDC
SetMapMode
SetTextAlign
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
SetBkMode
SetBkColor
SetTextColor
GetCharacterPlacementW
GetCharacterPlacementA
DeleteObject

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c07e22f51a8314e81fe1e7c51663054d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr90

d3d9

gdi32

advapi32

Sections

.text Size: 264KB - Virtual size: 264KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 52KB - Virtual size: 65KB

.rsrc Size: 1024B - Virtual size: 696B

.vmp0 Size: 20KB - Virtual size: 19KB

.vmp1 Size: 512B - Virtual size: 256B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 264KB - Virtual size: 264KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 52KB - Virtual size: 65KB

.rsrc
Size: 1024B - Virtual size: 696B

.vmp0
Size: 20KB - Virtual size: 19KB

.vmp1
Size: 512B - Virtual size: 256B

.reloc
Size: 10KB - Virtual size: 10KB