9b55bffb97ebd2c51834c415982957b4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9b55bffb97ebd2c51834c415982957b4_JaffaCakes118
Size

1.2MB
MD5

9b55bffb97ebd2c51834c415982957b4
SHA1

728262abdfc4f0e8a84eb3b5cd2be9ea9d0acc16
SHA256

a62cee3d2610ed0f693179838803e5c60dcd4f68028c60f5761b90c750125e11
SHA512

4fa9d641aba15fd07a0711530ab1f1a4e8dbafe03e1ab71845bcdcd0a1efa9e59a05915834c5c717beada659dd5ee459aa7e08b4b0acc8f867ace07430eb11f2
SSDEEP

24576:0G9h7lhNYhemeqcCLtbvL8iNJqzM3cITaF3+pJiP8LXloL5113GrfhM59ta:0G93SemeqcCZvL8i/qQ3ccJiPiXOL51C

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b55bffb97ebd2c51834c415982957b4_JaffaCakes118

Files

9b55bffb97ebd2c51834c415982957b4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5ce2e3128f712f58f1a37d1d9001aeeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

wsprintfW
MessageBoxA

advapi32

RegCloseKey

shell32

SHGetFolderPathA

ole32

CoGetInterfaceAndReleaseStream

ws2_32

WSASetLastError

shlwapi

PathFileExistsW

winhttp

WinHttpReceiveResponse

wininet

InternetOpenW

quartz

AMGetErrorTextW

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ce2e3128f712f58f1a37d1d9001aeeb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

shlwapi

winhttp

wininet

quartz

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 449KB

.data Size: - Virtual size: 92KB

.rsrc Size: 32KB - Virtual size: 32KB

.vmp0 Size: - Virtual size: 100KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 512B - Virtual size: 136B

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 449KB

.data
Size: - Virtual size: 92KB

.rsrc
Size: 32KB - Virtual size: 32KB

.vmp0
Size: - Virtual size: 100KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 512B - Virtual size: 136B