be82ab9069de52dcaeea8c72e4c202fb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

be82ab9069de52dcaeea8c72e4c202fb_JaffaCakes118
Size

226KB
MD5

be82ab9069de52dcaeea8c72e4c202fb
SHA1

16988f7cae7bc3ecb2eb670bf1d6d2f9234c616d
SHA256

69d3488d55bc712aac0ad7a883db8e90fba4460f6fc192c086092847bce3f1af
SHA512

1e8cc22d7ab4b97cbf3342183926e019ce6d47c577bdfffa84df2c9793d29faed839b905b7368eb0f51b0229f50e71cacec04bed605a02a434a64ea40d6e2534
SSDEEP

6144:uZNWPFVd+uNjevrNAWQDqSoaIjKrR/+AJ:eNWPFVd+W/WQ+SoaIjkN+AJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

be82ab9069de52dcaeea8c72e4c202fb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

10472a2c613ab27f3e7e786492e7bad0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2008, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f3:35:43:d3:e3:46:ce:b3:c9:bc:d7:00:d9:42:e5:dc:ff:97:3e:da
Signer

Actual PE Digest

f3:35:43:d3:e3:46:ce:b3:c9:bc:d7:00:d9:42:e5:dc:ff:97:3e:da

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA

advapi32

StartServiceA

shell32

ShellExecuteA

ws2_32

gethostbyname

Sections

.nsp0
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10472a2c613ab27f3e7e786492e7bad0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6bCertificate

Extended Key Usages

Key Usages

f3:35:43:d3:e3:46:ce:b3:c9:bc:d7:00:d9:42:e5:dc:ff:97:3e:daSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

Sections

.nsp0 Size: - Virtual size: 220KB

.nsp1 Size: 65KB - Virtual size: 68KB

.nsp2 Size: - Virtual size: 4KB

.vmp0 Size: 10KB - Virtual size: 10KB

.vmp1 Size: 25KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

f3:35:43:d3:e3:46:ce:b3:c9:bc:d7:00:d9:42:e5:dc:ff:97:3e:da
Signer

.nsp0
Size: - Virtual size: 220KB

.nsp1
Size: 65KB - Virtual size: 68KB

.nsp2
Size: - Virtual size: 4KB

.vmp0
Size: 10KB - Virtual size: 10KB

.vmp1
Size: 25KB - Virtual size: 24KB