1cf4f603e84a8204e4ed018c88eb9070_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1cf4f603e84a8204e4ed018c88eb9070_JaffaCakes118
Size

148KB
MD5

1cf4f603e84a8204e4ed018c88eb9070
SHA1

bfbda738bb9bffcd5d6f435701337ae17f76543b
SHA256

33793cb0c9b72c116f5b95a5a86330342432f4bdb95a9419ab4daea2e48e8889
SHA512

1486fb8ebce681961631e452284dcf045a7c637a67965e9651be29554ff02f36692d28437b5fcb273c62512023b01cb0a93c554097915f6f27fe20f947892a5d
SSDEEP

3072:PXb3Qgw5Zwo0kEyp44a8JvEHDtVV4AT5Wgw6pQRHa+:r5sZC4XJvwLV4E3cHa

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1cf4f603e84a8204e4ed018c88eb9070_JaffaCakes118

resource	yara_rule
sample	vmprotect

resource
1cf4f603e84a8204e4ed018c88eb9070_JaffaCakes118

Files

1cf4f603e84a8204e4ed018c88eb9070_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4936b84ee1d00a9d83de1fa58ca0c55d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow
MessageBoxA

comdlg32

GetFileTitleA

advapi32

OpenSCManagerA

shell32

ShellExecuteExA

mfc42

ord815

msvcrt

_except_handler3

urlmon

URLDownloadToFileA

msvcp60

??1_Winit@std@@QAE@XZ

ws2_32

closesocket

wininet

InternetOpenA

Exports

Exports

��B�X��a��H:Jrsu�_��5XA/�f.�5Y#�D ĪlRS�Ec�Ds�ͧ`��.��BQ`��4��Vɚ��d��{� 5�+z�!�=9u� 4�7jq��7k/��Z��WT��!�BxC� I�t��nƨ� ��qJ��xmE��-,�R��ja�>�n\a0,1��oZD�)��c%��_�h��`�,�W�-]��x�m$=� �9�'�a�Dm�s��q��[ !�Z�v��ޙI �Z��R��. M+S�f��T#�i��_H��ybσ�m�s��m��ʄ\A�U(W�&OC8�00��1�� h��t�xO«ň�U��q�G�G�/�5%?��Y _��F�P�E�Uf�=��?�3�^��]�@/F瀀:тl��\��k�y��X�H��$'6��L��u�`x��UYM+��o�ڛq�頡��İG��P�K��G�� ўy;��@K�/u�a � �.e{f��=ٰ5��$�� +��Z��^��x��|j��YT2<�Ps��J�L* ��p��ت'$U�Xq#X�� P↹�Am��H�'f��AWp��k'Q��gh��)��ʵ؝��`��A ��ƈ��}{��|N$W�v��o�c�n��Y�I`]^��`�p�P�zeC��"bIe�.�H��W��`��ʌ�K�o,�2џ��g��l 5�w�!��1��~��jFa$o�h1o�R�� ~;�x��MBL �JR��e��L&K��X|�{!y��@�1�1L��6��c�� 1T�r��[)�TXx��e��Bg��Z;]r�/�.��6�r�%��Z4<��ҏ5y"BO�k�q��<�0 �v��X�1hͽ��V�L� ��g�ɆUI[F ��/_܋�:��yN�5@�yUݘN��T�"?�U.��t��Ky:��F��W�e�,Ӎ}�p�d�k=P��j|R�7%7�� ,@�xh&�/�'�E��0`oC�Fu��>X��m��"0>�k��jD gXg�4��N��}�?w��0'AOq)y�^.��xr�`;da함��1��e��Q��Y��wz>��i��Q{��;bX:�<c=殹?�y_}�2�1��%פ��q� ct�L��9�OpF��-|�O�r<_^�u�29 ��r��d�;��gp}�vG�ѩ��[�𔚥i��s[��1� �o֝��|��UT��p{��tr�6 e��:�9I��,�P�=��D1�9 ��9��h5@l�,�IHPH�?=��ir4Z�<[8x"�Jf��4>�:��J<~��u��)��(�N��OhH_$;=�Vh��jaV��U]XTi��S׺P+Q��;�mk�my��g\�WQF:�9)xE�^1Y��~��k��x��T�t��, p�p�gdW(�+��4��J��b��% ��^�ek~丸�j��ǜnTCc7��Jrz��D��LB2FAoXZ��}�H,��W��/|[9��j�r'��I�<"��~Y��m�[�_;�LY�B�I��~hy�2��U<��E�YOz|~� �픳�\\)��M��]uq�A� ��kW��n`T�_��3��:��!O��/�k��p^lO��4S 4,��yR�,�w��1?��ҶY �m޸]�6�-�u�ȩa�wA�D��w8�p)ѕϚ��S�� rMd��g?��Us�y��lcX;\ �� )a��c�_Hg.�H��h*RY��/}��^Lk�W��͌I?�02\��v9|[u��4��5�k�[�ʂ��S��l޿1��w| 3ySf�I�C9�,�z��#��ʛ �"�CR>Б��鶤�O�8�K:!��է�cUWg�OK�-�4l��z�fzg��} 7��Z�� BT�wBv�y!X�J�6<��N$+7��g�m�zZ��N}o V#-��US��H�?� K�H/��@��T��o�(Vo {�\��ϒ��pd�*�v��d��)��ڇ�sj�-��s�t�6�c�;j��6�7��-M1�b��J=�Ś��˓��c�2HP��K��:h�q9��q�Ȏ~�7�.f��:�� ҇�E�%Q{��y0�uj�T�T�{zLL�M��K�M�J�q�ן�D-ho��G�H�*�F�ࢥ�)j��[��A<X(�Q�a��o��5P��oY��eܟv��+��Q�h�tf�:�t�A։�v`Z��B�-� *�v{�١��]Wdtq��y��S��,��v��{��;֬`��X��lg5�� O�mB��m�U0n2K��{��s:b��D��^�ta��(!aR`l�D�J�G��P�`c�vѣ�Y�� E��bu�F�˜;�Z��<�6^ߕ��{��Ƒ�跋�� 1 �od��Ȕ�R�� n��A'M��w��U6W��G��7cP��ԁn��ơ� V��$�g��0��z�y^�6�q��lu��n��K��֥&��yӌgv�خ��:��0� ��Ԑ.��Ok9z��~��a��8/�b7byed�%�ā�EC��;h <ΛѢL��KJ��"�)�*�U�ߪ�_��L��ʩrb�� df{Fp��|S��0��O��"s=�w��.g�z� =�Z�� `��[, ��W��8.NCqm��G��2��Ґ=D�Y��R�a�~��^��jUR� ��G*�?�Q��JI�KNb��w~`��%g#2�� fɂ�0q�� ]Rx$ ��<z��~ލDE5d��5/n��ִz\��FQWP�iu�I� �b^v��nj:.z@P. �B��V~U��R��5�M�h�*��y�1"�Ic�\?��

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4936b84ee1d00a9d83de1fa58ca0c55d

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

mfc42

msvcrt

urlmon

msvcp60

ws2_32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 22KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 27KB

.vmp0 Size: - Virtual size: 44KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 132KB - Virtual size: 128KB

.reloc Size: 4KB - Virtual size: 120B

.text
Size: - Virtual size: 22KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 27KB

.vmp0
Size: - Virtual size: 44KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 132KB - Virtual size: 128KB

.reloc
Size: 4KB - Virtual size: 120B