529243da8028c6a2233c12d899e80388_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

529243da8028c6a2233c12d899e80388_JaffaCakes118
Size

1.1MB
MD5

529243da8028c6a2233c12d899e80388
SHA1

ea9396a8f641125c9533a301e96db08edb83e1d1
SHA256

ba4a499c7976a2f5fbfe30f48a859689fa7913b5bc56d44de5b998b7615b8f46
SHA512

8581e776733e9b0da4bcd3cd8b19c996013af24682eb8a4c63fc0fd528dcb58900ddde80e12a0532bd2854a553fc7cd7f7df53ab4e55e44c640d550122aedfc6
SSDEEP

24576:8TMgeeffP4MvBdzwd3uBVXXxVMOL9MG9kdRjl3kRkFXsGa0a:IfeAfgMvnm3SVXXxzL/9kdjU6Fcea

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/CFڲ͸.vmp.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CFڲ͸.vmp.exe

Files

529243da8028c6a2233c12d899e80388_JaffaCakes118
.zip
CFڲ͸.vmp.exe
.exe windows:5 windows x86 arch:x86

e656b1c3b7b16abab52b15bd569ed2e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile

rasapi32

RasGetConnectStatusA

winmm

waveOutRestart

ws2_32

listen

kernel32

TerminateProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PeekMessageA

gdi32

CreatePolygonRgn

winspool.drv

OpenPrinterA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

SysFreeString

mfc42

ord3089

msvcrt

_mbsrchr

Sections

.text
Size: - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e656b1c3b7b16abab52b15bd569ed2e8

Headers

File Characteristics

Imports

wininet

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

mfc42

msvcrt

Sections

.text Size: - Virtual size: 458KB

.rdata Size: - Virtual size: 71KB

.data Size: - Virtual size: 432KB

.vmp0 Size: - Virtual size: 792KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: - Virtual size: 458KB

.rdata
Size: - Virtual size: 71KB

.data
Size: - Virtual size: 432KB

.vmp0
Size: - Virtual size: 792KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 8KB - Virtual size: 6KB