9034895b2a5fafa6b858a3d159dbf9e1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9034895b2a5fafa6b858a3d159dbf9e1_JaffaCakes118
Size

3.2MB
MD5

9034895b2a5fafa6b858a3d159dbf9e1
SHA1

fca6d8946e8d7336d7630a136a69dd2f3b205bd1
SHA256

021ecdcecec2ea886d7bd93b13598babe21ba2748a1214ae77fa363aa255da84
SHA512

082a8c163bd5299aad9f536b1a0978c07cf442c14b1929d5474d19325027f87161b86c85b0648e8dbd433f8ccac7f8bd8e70e451bff8bcfc7e9076caa9cfeee0
SSDEEP

98304:r/UxwKnWwnn2sLYdkIEpP86AzY2rvzztevJG9vxZ/8:oNrnhLxIQPUY2w

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9034895b2a5fafa6b858a3d159dbf9e1_JaffaCakes118

Files

9034895b2a5fafa6b858a3d159dbf9e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

edc6bb7f87a01f28f83a9db54a891a62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
WriteFile
SetFileAttributesA
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
Sleep
GetTickCount
CreateFileA
GetFileSize
ReadFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CloseHandle
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
RtlMoveMemory
lstrcpynA
GetTempPathA
MoveFileA
CreateDirectoryA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetCurrentProcess
SetErrorMode
GetProcessVersion
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
lstrlenA
LocalAlloc
LocalFree
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
MulDiv
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ShowWindow
EndDialog
CreateDialogIndirectParamA
DestroyMenu
PostThreadMessageA
UnregisterClassA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
IsWindow
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx

iphlpapi

GetAdaptersInfo

ole32

CLSIDFromString
OleRun
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

ws2_32

WSAStartup
WSACleanup

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
GetObjectA
GetStockObject
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA

comctl32

ord17

oledlg

ord8

oleaut32

SafeArrayGetUBound
SafeArrayDestroy
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString

shlwapi

PathFileExistsA

Sections

.text
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

edc6bb7f87a01f28f83a9db54a891a62

Headers

File Characteristics

Imports

kernel32

user32

iphlpapi

ole32

shell32

ws2_32

gdi32

winspool.drv

advapi32

comctl32

oledlg

oleaut32

shlwapi

Sections

.text Size: - Virtual size: 135KB

.rdata Size: - Virtual size: 23KB

.data Size: - Virtual size: 3.1MB

.vmp0 Size: - Virtual size: 15KB

.vmp1 Size: 3.2MB - Virtual size: 3.2MB

.text
Size: - Virtual size: 135KB

.rdata
Size: - Virtual size: 23KB

.data
Size: - Virtual size: 3.1MB

.vmp0
Size: - Virtual size: 15KB

.vmp1
Size: 3.2MB - Virtual size: 3.2MB