93827acad3e7a19ef2ffa0d49a270474_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

93827acad3e7a19ef2ffa0d49a270474_JaffaCakes118
Size

2.2MB
MD5

93827acad3e7a19ef2ffa0d49a270474
SHA1

edf3dcdd3d0b997c094ee250083db0d3a6d8ca35
SHA256

b7cbf65667ecb8abde3b7953fc24056ef9cfdf70cbf9b680d5a602904a6d46e6
SHA512

4ca6921f74216765d436e190c30e59d86f51fd91bb5a0e3c6f1315e78e967f2f303d2e03f3e9a18e81154b7e5bf74aef9fa79cdf3b3927ca930cc5ed824a428f
SSDEEP

49152:cs96nTjbMiEy82ZhxftTr4PIqiGMfsfsf7LLekZlxHkSZF:cs96TjbMiEr29tT0PQfBfzesxE8F

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/龙神５.１６免费版/3KM2.dll	vmprotect
static1/unpack001/龙神５.１６免费版/SKY.dll	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/龙神５.１６免费版/3KM2.dll
unpack001/龙神５.１６免费版/SKY.dll
unpack001/龙神５.１６免费版/龍神辅助免费2013.exe

Files

93827acad3e7a19ef2ffa0d49a270474_JaffaCakes118
.zip
龙神５.１６免费版/3KM2.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

��CALL
��·CALL
ȡ��CALL
��

Sections

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 405KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
龙神５.１６免费版/SKY.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DLL�ӿ�

Sections

.vmp0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 732KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
龙神５.１６免费版/龍神辅助免费2013.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
龙神５.１６免费版/龙神辅助官网.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 405KB - Virtual size: 408KB

.vmp2 Size: - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

.vmp0 Size: - Virtual size: 2.5MB

.vmp1 Size: 732KB - Virtual size: 736KB

.vmp2 Size: - Virtual size: 1KB

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 2.3MB

.nsp1 Size: 1.2MB - Virtual size: 1.2MB

.nsp2 Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 405KB - Virtual size: 408KB

.vmp2
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 2.5MB

.vmp1
Size: 732KB - Virtual size: 736KB

.vmp2
Size: - Virtual size: 1KB

.nsp0
Size: - Virtual size: 2.3MB

.nsp1
Size: 1.2MB - Virtual size: 1.2MB

.nsp2
Size: - Virtual size: 4KB