52cf04cdcc3f21484500c3487d9fc9f7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

52cf04cdcc3f21484500c3487d9fc9f7_JaffaCakes118
Size

788KB
MD5

52cf04cdcc3f21484500c3487d9fc9f7
SHA1

571002b0b27836b1d04628b29fbe04ec205e40f8
SHA256

e4d866828b692699c3002ed8ce6bdde8f8e2a7fa0d6ec58791674af2a366862b
SHA512

aa1f1236f57c3f3b07817afac99bfba94c7fd317219614d50dc05404b9fba6a7086c99edcf532f29d34c3f18a9e914451a645015beb8916227c268205e7e39b5
SSDEEP

12288:36c1hCFcDuyQRm84P6L0ENovoaZ8+atX3Y8YbYoNjJtQv+TizCQMHqcInW:NpCRm56wENovoOmYYWTi+dI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52cf04cdcc3f21484500c3487d9fc9f7_JaffaCakes118

Files

52cf04cdcc3f21484500c3487d9fc9f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b9c0b9efe92b50e0b82b5794839efae9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
ord693
ord694
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
ord588
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
__vbaAryRecMove
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
ord629
__vbaError
__vbaBoolErrVar
ord660
ord553
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
ord662
__vbaHresultCheckObj
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaVarXor
__vbaAryDestruct
__vbaCyErrVar
__vbaVarIndexLoadRefLock
ord592
__vbaExitProc
ord593
__vbaVarForInit
ord300
__vbaI4Abs
ord594
ord301
__vbaOnError
__vbaObjSet
ord302
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaForEachCollVar
ord520
__vbaStrFixstr
ord307
ord308
__vbaFPFix
ord309
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord631
ord709
__vbaErase
ord632
__vbaVarCmpGt
__vbaVargVarMove
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
__vbaObjVar
__vbaNextEachCollVar
__vbaPrintObj
__vbaI2I4
ord561
DllFunctionCall
ord563
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
ord310
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaStrUI1
__vbaVarMul
__vbaExceptHandler
ord312
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
__vbaR4ErrVar
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaFailedFriend
ord607
ord608
ord531
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
ord535
__vbaI2Var
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaR8Str
__vbaVar2Vec
__vbaNew2
__vbaInStr
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord573
ord681
__vbaI4Str
__vbaFreeStrList
__vbaVarCmpLt
__vbaVarNot
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
ord579
__vbaI4Var
__vbaVarCmpEq
ord689
__vbaLateMemCall
__vbaInStrB
__vbaAryLock
__vbaVarAdd
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
ord614
__vbaAryVarVarg
__vbaFpI2
__vbaVarMod
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaVarCopy
__vbaVarTstGe
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaCastObj
__vbaUI1Str
__vbaI2ErrVar
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
ord619
ord542
ord650
_allmul
__vbaLenVarB
__vbaAryRecCopy
ord545
_CItan
__vbaNextEachCollAd
ord546
__vbaFPInt
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

kernel32

GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

Exports

Exports

�C4NQ*�q�_u��fE�ӊ�AKw��T�Ƕ)�= ��gI<��U��wY�l�� f��=rL�^jb7��)��"�� [�Y�"rr@�K�EFw��v��PD�y�"�y��+Ux�X��w��v��A��:3[�"�5�[�m��l�e�YĹx��]d��7}�h�:�LS��ؾh�� f��я�n��{� [��[�i�h�͍�̂��^>!��@KNg��af%|4��i,��L\��ql"�~�XsZ��.�rϨ�0�!*m�2t?׾�^2��̣�Q%�c��p�uP��}m�3xa"��,}Ql�f#-R��6űe��*'�~5�L��_��N�^]�A�S��]V�ʕ=z�?��2К *� 5��[�H�j�) )� G��QTQ&Q�CSK��z��Xޤ\u7K��D<d8M4󡢗��C�ڤ�r�(��bU��m8��|�Gї5��.��c��=�r�wىH�#�-�eo��G%6��-�� 1��n�>#�M o��Ry��MK>��r�]!��c��Qw! �j2.��a<��C�\�V�oC ��<#��R*O$)��3 }�%�O�FZr�� )��Wf�&�/��忾�ZZ��P�-�dB(*�+e%��p�i!�RQ��l[Rھ]��p˹z�L]��D8Vf��XL3ԛ&ل�/�O�Nr�,ʿ��ou�:�T�M��ۨoli�F�t��I`;�d��f`��^��#L��De�N��G2��/�&?��ٞ�2��Ya+��6G��P�ZYM��_�&� �L</�v}��'�Rjڔ@�.�L~I��7��AH��W��K�5�o�J��na��d�1��A��.o.��d�R՚��p�]$�L��BIT|z*b�Tp�E��9�� m�D�ދ��'3��*ͭ�,��<�&�)��čL��ě�-Wpp�{�cP�5!8�*p��!��=��As��SpS��'ϒp��~�E�T�� 0TL��S� �� T{ � ��z��oN��1iN1��6��Tc�Q�svM�ҋQU��nޘu�"��W|��i��ض<�E/Z�-63��֘W6��а׬^�)��k소�h)i^�T��_#��[�1L�'A��v��b�.?p��3#Է��EW�زLv�d\�)^#�S�k�r-~Ϙ#�+�G��B�x ��!e$��G�wu0��!iZ��Wm�:�ݏ��"Rv��M�̳��9��RV�"!��^��b��]�w1S�PHGGτخ�p��:��8W��.��r@�%9�,�V��-{3h^��O]�T'�/'� ��H�I��ꈀ)�Rk��?,W暁j�l��0��:g�`b��!��#�C(��b�W��[fEZ��-Ku��[��R�:��6'�'��rj�!��=��$M��5zb�?b򫞛�9t6�N=�j�etO�̭�&��w`!,�LԘ)��zݗwF�3��ٌ�d$�-�+��zZϊ$U��EO�ǆv�;�e�f��^��9�wH�`l��J$�둯B��~��B��VӉ�)�>$��:�;o_�S�><�Į�j�]��'��C��C�Q{-I�~'k:i��<9��s�位��T�8��o3��H6�~z9�7J��l^{�=R>�)�H ��c�w��~�`p�IU��-��$]q��T^��׏6�zGc��`UX�ֹE��o��m��&G��4�&��\M~7�Vުu��<%-��E�Q��=3Ԉ KB ��s�M��Nv[��z n0ɐ�q��5�'S��^N}��8�)+鵂{��*��k��>k�8Ef�5}CYETn�xU�QR��y��5��P�!�IG�gq�!\!��u��I��V�y��xN>/;s�o}xdϱcU�}��a�֓��:�2�?��TTy�+��0��R:��!�S̖��G{��I�/-��[��g��K��BO�J�� D��tV�1�Վ\�K�]�4<Bz�,�VsZ�g-��Ƅ��2��+p2�H��,\�8�N�:_��/W_��G��T��B~V�P[c�=ŸK�h�j�?`��t�1�Mr��+�(�=f��׹��Y�{N��p��ˬ<��RF�'�d��T��k��)�.q� P�+�"\�B�J�/ 0A6Cȧ}��q�u�� C,s@��T�֜�懜�m�6�$(t1i/2J1v��P�I��/�qy=&�\�ͽ:�{��$D��gҲx�in��V�}�N�d��`��A��J/�$H�^�'��\�#P%ĺ&Ҳp�"��o[�P[[��sO�v~�E8��:+�@��(�i��e*��W�ޅ!s6�Jlvʪ,��z�D�T��ʦ��%�4e�#HB��3�#Z��!V��<�rV6=5��e�� @��]��r�P�'<�� q|��Ls�u\:��h�y,�t��d�{�7{�̻)��Z�U$��OD%*>N��>�o��P��M�R qZU�]G_�d��&Jz��G�� D��_f�KI�L%VC MN��rD�&�� ܲ�$d�W��.8I7��x��㋖��j�u�0��=}~��A��{ 2��mk��Xjc��C��/��w*�JOJ�O��WW汍Ik̸�4�+��E��`v��2�'K�؏��$X.z��R3=eQ�p��C��)^o��׉��,G7�� Seeq�;�9'��Y;4�6S�ko�\X�#C�neD�7],5��pi<0�8铴�hOT��~q��YN��tm��p��s�5�Y��R;��҃�$��

Sections

.text
Size: - Virtual size: 1012KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 748KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9c0b9efe92b50e0b82b5794839efae9

Headers

File Characteristics

Imports

msvbvm60

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 1012KB

.data Size: - Virtual size: 23KB

.rsrc Size: 28KB - Virtual size: 29KB

.vmp0 Size: - Virtual size: 328KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 748KB - Virtual size: 744KB

.reloc Size: 4KB - Virtual size: 212B

.text
Size: - Virtual size: 1012KB

.data
Size: - Virtual size: 23KB

.rsrc
Size: 28KB - Virtual size: 29KB

.vmp0
Size: - Virtual size: 328KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 748KB - Virtual size: 744KB

.reloc
Size: 4KB - Virtual size: 212B