JaffaCakes118_ee9a39289b1515a19727989d5aa4ba18

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_ee9a39289b1515a19727989d5aa4ba18
Size

5.6MB
MD5

ee9a39289b1515a19727989d5aa4ba18
SHA1

5f39c931de7b85579efd964f914a5b4b73f127ee
SHA256

e388278f58445533165adf816fa66770373de91581acfd15f85bc8d33c6b9ae1
SHA512

89569cda298b800e3c3f7be0d074a25465388771fefaaf5b98b5ab955b5f7148454f04fca79c59984e6b441bd094bb7bfb287e7764e03085bac702b8453009a1
SSDEEP

98304:Qr1eZRfOlXDCcQrgVV6EU4YKV6f+LNCFUdjhCgoJIB0BaOXWgMkCCAMOMvuaXwLH:QafONCZgVY46f+6UNPNuXdAMOIULyt8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_ee9a39289b1515a19727989d5aa4ba18

Files

JaffaCakes118_ee9a39289b1515a19727989d5aa4ba18
.exe windows:6 windows x86 arch:x86

03e166c012c82ced405ded074d5e68af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

GetUserNameA

crypt32

CryptUnprotectData

bcrypt

BCryptOpenAlgorithmProvider

ws2_32

select

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e166c012c82ced405ded074d5e68af

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

crypt32

bcrypt

ws2_32

wtsapi32

Sections

.text Size: - Virtual size: 383KB

.rdata Size: - Virtual size: 67KB

.data Size: - Virtual size: 9KB

.vmp0 Size: - Virtual size: 3.2MB

.vmp1 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 66KB - Virtual size: 65KB

.text
Size: - Virtual size: 383KB

.rdata
Size: - Virtual size: 67KB

.data
Size: - Virtual size: 9KB

.vmp0
Size: - Virtual size: 3.2MB

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 66KB - Virtual size: 65KB