JaffaCakes118_72b00a7e7cd31bd9c102d7473208115cfd2586c2a7c081957250ef1762b6059a

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_72b00a7e7cd31bd9c102d7473208115cfd2586c2a7c081957250ef1762b6059a
Size

677.6MB
MD5

1121503015a0161f94ceaba6461390d0
SHA1

1e9ac9da1bef57aa879e9f13cfd3951177c4b96f
SHA256

72b00a7e7cd31bd9c102d7473208115cfd2586c2a7c081957250ef1762b6059a
SHA512

370218c27c01b8c9f4a3bc5da29ad3b6ff4758c24e3a97e2389214f4963e2299c3cb0aacf711b8a33f2f78919fceac862da6cfbb28107541cfc1666237327482
SSDEEP

12582912:qQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQKQyQyQyQyQyQyn:qnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

JaffaCakes118_72b00a7e7cd31bd9c102d7473208115cfd2586c2a7c081957250ef1762b6059a
.exe windows:5 windows x86 arch:x86

e4a080fe3824aa611c56562a3d9167ed

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:cc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11-04-2023 00:00

Not After

12-04-2026 23:59

Subject

CN=Famatech Corp.,O=Famatech Corp.,L=Road Town,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

79:53:9a:5b:da:62:d7:e8:ae:c0:96:d3:ad:2c:48:f8:d0:74:0c:be:98:46:df:46:1e:b5:c5:31:1a:87:64:9c
Signer

Actual PE Digest

79:53:9a:5b:da:62:d7:e8:ae:c0:96:d3:ad:2c:48:f8:d0:74:0c:be:98:46:df:46:1e:b5:c5:31:1a:87:64:9c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoCreateInstance

oleaut32

VariantInit

crypt32

CryptStringToBinaryA

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4a080fe3824aa611c56562a3d9167ed

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:ccCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

79:53:9a:5b:da:62:d7:e8:ae:c0:96:d3:ad:2c:48:f8:d0:74:0c:be:98:46:df:46:1e:b5:c5:31:1a:87:64:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

crypt32

user32

Sections

.text Size: - Virtual size: 281KB

.rdata Size: - Virtual size: 63KB

.data Size: - Virtual size: 298KB

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 1KB - Virtual size: 1KB

.vmp2 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 337KB - Virtual size: 337KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:cc
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

79:53:9a:5b:da:62:d7:e8:ae:c0:96:d3:ad:2c:48:f8:d0:74:0c:be:98:46:df:46:1e:b5:c5:31:1a:87:64:9c
Signer

.text
Size: - Virtual size: 281KB

.rdata
Size: - Virtual size: 63KB

.data
Size: - Virtual size: 298KB

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 337KB - Virtual size: 337KB