f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118
Size

615KB
MD5

f44cee38b8aff02dadaaddf3ff652c9c
SHA1

3ad07318c01d73bfbd904080c14bbb1fbf1a3989
SHA256

ea3c8c87308969cbcf1ab524a047479d5c9dde71574c35d5430f997e9c9f175f
SHA512

7bb8a13c5ecf1fad1f6a781323acf8fd7136bc519350d4bb5044774876cbe964ad231ceadd59893b98342fa961af8c5403e3ff704fffc96384a140463cead579
SSDEEP

6144:EwiwZmLUYSM/mTGxeeKegyQeeaQeewQeesQeeG7QeehQeeFuGhVoQHAMQs06z2dw:EwJwLUYSGmTUZeG1gGussw39525QJzF

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118

Files

f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e236236408acbd2344d6b7ee4c6a6257

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
VirtualProtect
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
DisableThreadLibraryCalls
VirtualAlloc
IsBadWritePtr
Beep
ReadProcessMemory
Sleep
GetCurrentProcess
IsBadHugeReadPtr
ExitProcess
MulDiv
OutputDebugStringA
IsProcessorFeaturePresent
GetSystemInfo
VirtualFree
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow
DefWindowProcA
CreateWindowExA
GetAsyncKeyState
RegisterClassExA
DestroyWindow

gdi32

GetCharacterPlacementA
GetCharacterPlacementW
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
GetGlyphOutlineA
SetTextColor
DeleteDC
CreateDIBSection
CreateFontA
GetDeviceCaps
SetBkColor
DeleteObject
GetTextMetricsA
GetObjectW
GetTextExtentPoint32A
CreateFontIndirectW
ExtTextOutW
MoveToEx
GetObjectA
CreateFontIndirectA
ExtTextOutA
SetTextAlign
SetMapMode
CreateCompatibleDC
SelectObject

msvcr90

__CxxFrameHandler3
_CIsqrt
memcpy
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnprintf
system
malloc
??_U@YAPAXI@Z
memmove
sprintf
free
ceil
_mbsnbcpy
memset
_ftol
strncpy
_CIacos
_finite
iswpunct
iswdigit
iswalpha
iswspace
modf
__CxxFrameHandler
floor

msvcp90

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ

d3d9

Direct3DCreate9

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e236236408acbd2344d6b7ee4c6a6257

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcr90

msvcp90

d3d9

wininet

advapi32

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 39KB - Virtual size: 51KB

.vmp0 Size: 61KB - Virtual size: 61KB

.vmp1 Size: 30KB - Virtual size: 29KB

.reloc Size: 12KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 686B

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 39KB - Virtual size: 51KB

.vmp0
Size: 61KB - Virtual size: 61KB

.vmp1
Size: 30KB - Virtual size: 29KB

.reloc
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 686B