JaffaCakes118_5d7c05c6cd191b8b38dabc343a1ec22b6631672929f8374fa44807a5f9847f19

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_5d7c05c6cd191b8b38dabc343a1ec22b6631672929f8374fa44807a5f9847f19
Size

675.4MB
MD5

cbbf92ce3daf529349bad0a1baf27337
SHA1

a78e57b170b03b121e6799c020a6d388f9622009
SHA256

5d7c05c6cd191b8b38dabc343a1ec22b6631672929f8374fa44807a5f9847f19
SHA512

c288b697808211797fd82a682ae1cdbe0e4cd1940b8c1bb6846b175e78771af3f5f1f52c7fc13d5f3ab253dd1bb5c81d9d42f1549a27381c7e70db703d374c88
SSDEEP

12582912:9YQyQyQyQyQyQyQyQyQyQyQyQyQyQyQ1QyQyQyQyQyQyQyQyQyQyQyQyQyQyQ1Qe:9Ynnnnnnnnnnnnnn0nnnnnnnnnnnnnnc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

JaffaCakes118_5d7c05c6cd191b8b38dabc343a1ec22b6631672929f8374fa44807a5f9847f19
.exe windows:5 windows x86 arch:x86

8921f90785e5685c1c426e78a0651a86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20-04-2006 00:00

Not After

22-06-2009 23:59

Subject

CN=Nero AG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LEGAL DEPARTMENT,O=Nero AG,L=Karlsbad,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:24:99:fc:90:9e:2f:f1:55:19:ac:92:db:39:89:f2:29:fd:62:fd
Signer

Actual PE Digest

31:24:99:fc:90:9e:2f:f1:55:19:ac:92:db:39:89:f2:29:fd:62:fd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ReleaseDC
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetDeviceCaps

ole32

CoCreateInstance

oleaut32

SysFreeString

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8921f90785e5685c1c426e78a0651a86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34Certificate

Extended Key Usages

Key Usages

31:24:99:fc:90:9e:2f:f1:55:19:ac:92:db:39:89:f2:29:fd:62:fdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

wtsapi32

Sections

.text Size: - Virtual size: 253KB

.rdata Size: - Virtual size: 62KB

.data Size: - Virtual size: 130KB

.vmp0 Size: - Virtual size: 4.5MB

.vmp1 Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 136KB - Virtual size: 135KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

31:24:99:fc:90:9e:2f:f1:55:19:ac:92:db:39:89:f2:29:fd:62:fd
Signer

.text
Size: - Virtual size: 253KB

.rdata
Size: - Virtual size: 62KB

.data
Size: - Virtual size: 130KB

.vmp0
Size: - Virtual size: 4.5MB

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 136KB - Virtual size: 135KB