6d95c6e48c7115fa3f2b9b4c55721dde_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6d95c6e48c7115fa3f2b9b4c55721dde_JaffaCakes118
Size

364KB
MD5

6d95c6e48c7115fa3f2b9b4c55721dde
SHA1

a6fba164e026bb2ff326ffee12391ab1cd263e2b
SHA256

04b805cf84894e496013042cb5b6b8127f7fa53cac3413164d16cd1bafbd5a3d
SHA512

13467e0a17469ad6087eed60ef91b9853a47e6da8663f11535c29591d11a127926808ed2bb0128c417f7659f43a02ad7f48badf008d2521b9b1bf437226db279
SSDEEP

6144:kRt1iwXgCFU+2Abuu86yZsnHeft76/7lT0VUByHoT6jMbIDvmm1V3S1N:kziwj2ussHqt760CVb7m16

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6d95c6e48c7115fa3f2b9b4c55721dde_JaffaCakes118

Files

6d95c6e48c7115fa3f2b9b4c55721dde_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c73ecdbf5e03834c5cc19ec0d150b2c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetDiskFreeSpaceExA
GetCurrentDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileSize
GetLocalTime
WritePrivateProfileStringA
GetTickCount
GetCommandLineA
LCMapStringA
GetSystemDirectoryA
Sleep
GetStartupInfoA
CreateProcessA
WriteFile
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
QueryDosDeviceA
GetLogicalDriveStringsA
GetTempPathA
GetVersionExA
IsDebuggerPresent
LocalAlloc
LocalFree
UnhandledExceptionFilter
FileTimeToSystemTime
GetTimeZoneInformation
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetLastError
EnterCriticalSection
lstrcpyA
FreeLibrary
LoadLibraryA
lstrcpynA
DeleteCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetProcAddress
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
lstrcmpiA
GetFileAttributesA
GetFileTime
lstrcmpA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
LCMapStringW
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
MultiByteToWideChar
CopyFileA
CreateFileA
ReadProcessMemory
SetFilePointer
ReadFile
DeleteFileA
DeviceIoControl
GetTempFileNameA
RtlMoveMemory
GetModuleHandleA
TerminateProcess
OpenProcess
CreateRemoteThread
GetCurrentThreadId
WideCharToMultiByte
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
Module32First
InitializeCriticalSection
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
WriteProcessMemory
VirtualProtectEx
WaitForSingleObject
CreateThread
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MsgWaitForMultipleObjects
GetWindowLongA
SetWindowLongA
SetLayeredWindowAttributes
SetTimer
GetClassNameA
GetWindowTextA
IsWindowVisible
EnumWindows
GetWindowTextLengthA
CopyImage
LoadIconA
GetWindowThreadProcessId
RegisterWindowMessageA
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
GetWindow
GetMessageTime
CharUpperA
CopyIcon
GetDesktopWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
PostThreadMessageA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
KillTimer
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
RegisterClassExA
GetClassInfoExA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
SetWindowPos
MoveWindow
ScreenToClient
GetParent
UpdateWindow
ValidateRect
InvalidateRect
GetWindowRect
GetFocus
SetFocus
IsWindow
GetDlgItem
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
UnhookWindowsHookEx
DestroyIcon
TrackMouseEvent
SetCursor
DefMDIChildProcA
DestroyWindow
EndDialog
GetClientRect
DefWindowProcA
SendMessageA
EndPaint
BeginPaint
CallWindowProcA
GetAsyncKeyState
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
PtInRect
LoadCursorA
GetSysColorBrush
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
MapWindowPoints
AdjustWindowRectEx
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetDlgCtrlID
GetMessagePos
GetForegroundWindow
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
LoadStringA
UnregisterClassA
CopyRect
GetKeyState
MessageBoxA

gdi32

SetTextColor
CreateRoundRectRgn
CreatePatternBrush
CreateSolidBrush
StretchBlt
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
DeleteObject
SetBkColor
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC

advapi32

CreateServiceA
RegEnumValueA
OpenSCManagerA
OpenServiceA
ControlService
RegCreateKeyExA
RegSetValueExA
RegCloseKey
StartServiceA
DeleteService
CloseServiceHandle
RegOpenKeyExA

shlwapi

PathFindFileNameA
PathFileExistsA

shell32

Shell_NotifyIconA
DragFinish
DragQueryFileA
DragAcceptFiles
ShellExecuteA

atl

ord47
ord42

ntdll

LdrQueryProcessModuleInformation
RtlDecompressBuffer
ZwClose
RtlMoveMemory
LdrGetProcedureAddress
LdrLoadDll
LdrUnloadDll
LdrGetDllHandle
ZwAddAtom

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

SafeArrayDestroy
VarR8FromBool
VarR8FromCy
OleLoadPicture
VariantClear
SysAllocString
SafeArrayCreate

winmm

PlaySoundA

rasapi32

RasHangUpA
RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA
RasGetConnectStatusA
RasDialA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

socket
WSASetLastError
gethostbyname
ioctlsocket
htons
setsockopt
send
recv
closesocket
select
gethostname
WSACleanup
WSAStartup
connect

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
FtpFindFirstFileA
InternetFindNextFileA
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetOpenA
InternetCrackUrlA

Sections

.text
Size: - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c73ecdbf5e03834c5cc19ec0d150b2c3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

shell32

atl

ntdll

ole32

oleaut32

winmm

rasapi32

comdlg32

winspool.drv

comctl32

wsock32

wininet

Sections

.text Size: - Virtual size: 369KB

.rdata Size: - Virtual size: 31KB

.data Size: - Virtual size: 333KB

.rsrc Size: 28KB - Virtual size: 25KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 328KB - Virtual size: 325KB

.reloc Size: 4KB - Virtual size: 76B

.text
Size: - Virtual size: 369KB

.rdata
Size: - Virtual size: 31KB

.data
Size: - Virtual size: 333KB

.rsrc
Size: 28KB - Virtual size: 25KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 328KB - Virtual size: 325KB

.reloc
Size: 4KB - Virtual size: 76B