JaffaCakes118_f19f125c6355d85fcf8d1c2d5e5ce584a8f9c3d17c582060f9b8783836878fda

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_f19f125c6355d85fcf8d1c2d5e5ce584a8f9c3d17c582060f9b8783836878fda
Size

657.1MB
MD5

62ac3c7e7e39d0c9b95f157560b5aa34
SHA1

6602ce66ce0dd9933b532dce83b84abfceefdde0
SHA256

f19f125c6355d85fcf8d1c2d5e5ce584a8f9c3d17c582060f9b8783836878fda
SHA512

7af61551872a3423450a43a2dbec9267f253ee25f39a703df9bf2a529333292141a5bf49a6d89cacf06c97b252f29194e2784a57d8469b6dc871870408f756a7
SSDEEP

12582912:0QyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQyQjQyQyQyQyQyQyQyQyQyQ:0nnnnnnnnnnnnnnnnnnnnnEnnnnnnnnn

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

JaffaCakes118_f19f125c6355d85fcf8d1c2d5e5ce584a8f9c3d17c582060f9b8783836878fda
.exe windows:5 windows x86 arch:x86

e4a080fe3824aa611c56562a3d9167ed

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:cc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11-04-2023 00:00

Not After

12-04-2026 23:59

Subject

CN=Famatech Corp.,O=Famatech Corp.,L=Road Town,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

be:9b:0e:f0:93:7a:31:86:ec:70:87:27:b6:e7:61:62:5a:80:e8:0d:b1:4e:ca:7e:d4:2c:6f:4a:72:28:47:f7
Signer

Actual PE Digest

be:9b:0e:f0:93:7a:31:86:ec:70:87:27:b6:e7:61:62:5a:80:e8:0d:b1:4e:ca:7e:d4:2c:6f:4a:72:28:47:f7

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoCreateInstance

oleaut32

VariantInit

crypt32

CryptStringToBinaryA

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4a080fe3824aa611c56562a3d9167ed

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:ccCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

be:9b:0e:f0:93:7a:31:86:ec:70:87:27:b6:e7:61:62:5a:80:e8:0d:b1:4e:ca:7e:d4:2c:6f:4a:72:28:47:f7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

crypt32

user32

Sections

.text Size: - Virtual size: 281KB

.rdata Size: - Virtual size: 63KB

.data Size: - Virtual size: 298KB

.vmp0 Size: - Virtual size: 2.8MB

.vmp1 Size: 1KB - Virtual size: 1KB

.vmp2 Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 165KB - Virtual size: 165KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:cc
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

be:9b:0e:f0:93:7a:31:86:ec:70:87:27:b6:e7:61:62:5a:80:e8:0d:b1:4e:ca:7e:d4:2c:6f:4a:72:28:47:f7
Signer

.text
Size: - Virtual size: 281KB

.rdata
Size: - Virtual size: 63KB

.data
Size: - Virtual size: 298KB

.vmp0
Size: - Virtual size: 2.8MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 165KB - Virtual size: 165KB