JaffaCakes118_8acbcbf44129ba83f8184b130dcb8719

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_8acbcbf44129ba83f8184b130dcb8719
Size

2.0MB
MD5

8acbcbf44129ba83f8184b130dcb8719
SHA1

df0123f02d1b7ba786bca1ccf932babb9b4376a9
SHA256

290453d76b0af3443ee9af8ce54916a0d07330d921a4c0b0de97d6af605bb04e
SHA512

cfb5b505410f25b3793b3aa3cf4b48485c7ea8f2eacc8f59cd9c0189d9f70e99f74d9d5b21c572911d39ac61ab5f0b55b6a1288de9bc6f7b73b2cf3988c99fca
SSDEEP

49152:j7S3xpcAkt+uPi3SKD1K/VRxi1/j7eCypv5xkkxBiBKHjIZSA:jeBpsw+i96HK/j7e5pxjxBiBN

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_8acbcbf44129ba83f8184b130dcb8719

Files

JaffaCakes118_8acbcbf44129ba83f8184b130dcb8719
.exe windows:4 windows x86 arch:x86

0906468f8b94f773eff68ffb89da3bb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CallWindowProcA

gdi32

SetViewportOrgEx

winmm

midiOutReset

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

CoRegisterMessageFilter

oleaut32

SafeArrayUnaccessData

comctl32

ImageList_Destroy

oledlg

ord8

ws2_32

closesocket

comdlg32

GetOpenFileNameA

Exports

Exports

��Q��.D��^��<��1}�Y��r��O�7��޳�� j��N6��ۋE�g�:�Jd�Y�K�9G+B�^c~�/�;��v��4��v�b@�"03��J-�!%a(XF�U��c��ꕂ�ܤ�o�]�₤w4��Ja��_��c��Y·!�5��;X��|2 9�nr(N�N��XI\��~'\Ԑ1;\��RI�ѠҤU�Z[��tO?��|��5J�uF^��׹ �VF��7��j�6,�':��F�D�Н��@��6��K;�x��#*��͔�4��sN�E��Q'A@�G\ �4��9��Y< o�R |�܊";W�v|D�#��o��-V�|��I2sm�E�� !3�#��1�JoopӤ�w�?B�RƠ ��E4��,��N��ό��%� {�U��A�S�t��B�-֗�ͼMC ��7��͚��O�I]_D7��n�%'��W�]�ɖǡ�M��R�o0Lo��>�,i��B��ѽ��3}{�B��KEԢ_��+͂�n��}&��G(�@��7��s��'��r�� J�7n�)7��Ld�p�F�Mj�S��8��|��)g�TPo0˸k¥~��׊b��K�!��1�(|S>L]+EE5p�+.l�>�7�"q��|�5/�a��Wm��Eg8��뺭�7�EW��)��m��0�"��S�&T��ӻ)N��^��NZ��/��o�� b?l�Nۦ8��;;��>��ӑj��":�a��*�N��L��l�e��z>ac��\�\�!-�$��+5Oj *��gOX�e��DO��]e⦥��Ug="6�K�*Q��*�!� sE��P��΀��u�-�c뉣��[�C$��mEh��A��2�j��*d�*:��?6t�X6Υ��~sʇ�z��&Wo��s�ۍdE�j3�� ;�~h�� o��ˮo/�}Rֲ��k�8n�j�ة�D��:M.9�뢍:ً�_�U9�B��Zz��'��'F�R�m˕9�eɻ�3v��#|��l��y�*�*�c��~� A�ae��e��7 =㼛��Mj�|�'�a9㠑}��2J�nz��{��9q� �Lݬ��y䛒�� m��}�Elg�Ҳ ��b¯b��q��P��)��B<ii��đs��5��(ezw�<�$��( ��H<��j�C��%j��P��ly��2��J�nVV�R�+!6��ݰw1��]�*ǩ��+ߍS�� ?�Fv�ϭ��$z� 0۷�.v�"�▤�_��UNǱW%9�l��Iс��u��}��w��I��o��2@��(�X��M��j�&RD��7��!��>��bdO��9�8P�gq�QMdU2��ǟZ��'��O��s.>��7g��r��ɪ�s��${��3�}�Ѭ�Rd��hK��20/b��y�r��X��~�ɀ!��}W�_�*�=Y'W8�n�P>�A�|+��x�G0}]H�X}��E½��C��F��7��̐��@��0H��|�C-��P�H��x=�e��#�w�?.O�=�,��G��:��i!2_Rcף��\��t{�Al�9� ��I8�W��7h�?��c �a��O�q�&�wc�aВ�.,�i��$|��}��G��rE�MT.l��޹f�]��܄��@��t��}�Q:v"Ry�t^�|��i��=S��O��̟��N�M*!]ҥ�b��e�g��p��N�j��3%5�-0E�� Q�'�m�J�N��śh� ��e��j�cO��dE �S�-�8��<t��K�>�8��fi�{�9+;p�Xc��_��(�#�H�DS�J��'��3_��C��ȯU�]��b�"��,�� '��)�g�=K�jVd��.�B5�e��]��+rq��+�t��%g��B�@Y'��X��/.7ܟC ��5x��z��ԅt�a�Y>ס%[Ő�^�}�~�� =�R�Kځ�ƲS~}�|��Ya*@�`�-:M+��4��)�tW�)�E�AG��o:`D��d�5׌Smo?��S��I��ݧ�|��E�﮹�^@�1�'��'�3O3JOI1�I�*�Jܭ�S��;� ju�\�J��PX�dQ��[$��eoL��YSM5��P�.�:��V�|^$��Bnv�Avw��RhV��fT˿q'��z�^7��ʶn��㯿��a�O��$�@�3�sF�r7�� ʴ��Z��A��B0\��qI�螨-�]��n�Dh�zmuA��*\�F�%��_��s"�3�0Iz�g��K4A�3ԫ��D�PQ��n� lv|Ć�x�Ǖ�&~�ձ��HLYAƤwY,F��8 T{��;�8��7�c�j�D��KTr�)O�R�"��<�Z��' ˺��*l�� !��/�4��)�`Y��}�~+�DB|_Z�8��*K^s�]��8��}�dA\f��tH{(*��FX9�|�8VZ��ئoW��o��ܩ�D�s^��XQ��ឍ>�/\Irל�,l|�5�7C��-� Y�`H ŧ��Oc{��,X��$X?[�!;\<��$��\�ފ\��7<��y��Y��Z��%�x�^_)@PM�K|_2��v/�"�Ro|��~p�A�5�M��H7��g<�r~�8��a�<NwE�F��aP�\�P�ܸ��J�ڙ�e��v��ȮQ�Q ,��.%��^ΎYk�Y~C�x9�Y��R��{�XW�,*��5�a7��b�Ǧ�,g�BB��n��!��:�8"T��3�D�}�?�9ᤉ(��V�nϙ�0�Hƿ�0�{��_��l

Sections

.text
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0906468f8b94f773eff68ffb89da3bb8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 492KB

.rdata Size: - Virtual size: 2.0MB

.data Size: - Virtual size: 161KB

.rsrc Size: 8KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 317KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 2.0MB - Virtual size: 2.0MB

.text
Size: - Virtual size: 492KB

.rdata
Size: - Virtual size: 2.0MB

.data
Size: - Virtual size: 161KB

.rsrc
Size: 8KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 317KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 2.0MB - Virtual size: 2.0MB