1b2994247bb30f34d0f7ffbd946167b8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b2994247bb30f34d0f7ffbd946167b8_JaffaCakes118
Size

4.0MB
MD5

1b2994247bb30f34d0f7ffbd946167b8
SHA1

e627b77eb6f4af5955172c0d8336485b0c56bdc3
SHA256

d144cb7a0a0be9a3e9ac2a052192821c62567311a02ba4c1d17f36c1645f9d41
SHA512

d9b8180573cb3358135c3cb56a7ab31b9b95bde8a0890a87e5f4e3355f2675aa0a52839f491a64ae3ebd54dc0889c40766366a3b7d290559daa1ede6ca4a2ec2
SSDEEP

98304:6WS9rzT+AnlasvtiGqPrYbSBgOQ7885oucy/+NMumE57VgQCnRlvQaHhXCWPZ0Vq:6WS9rzznllAlPkbmQ78KouROMuBFVg5X

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1b2994247bb30f34d0f7ffbd946167b8_JaffaCakes118

resource	yara_rule
sample	vmprotect

resource
1b2994247bb30f34d0f7ffbd946167b8_JaffaCakes118

Files

1b2994247bb30f34d0f7ffbd946167b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

820ab95fb5e179c5f6e8238c5af71d39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

psapi

GetModuleFileNameExA

kernel32

RtlUnwind
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDlgItem

shell32

ShellExecuteExW

Exports

Exports

��;�ۘ�k:|i��0�Q��Era3�B��~��镵XF�`�N$ O3(��k�R��Ը�Y��i�(bqT�*V�p�- F��{��=�a�z��Х��uť�H�a��GZ��M��Σ:��e �5��3�-u- ��>��TEnI��禫U?�,~J�3�PT��PJ�Wo��(�Մ�?!+�a6��yL*fy��O�L� �4�Ӣ[P��%�* ��"��kUJw�ǎ�$��R à�v��nS��C�=��H٣N�H��,��ɛ��ޖzh=�� z�U��-�S��S��n1�*��:��IY�Q)R/M�r1tY��ی�ic�Iܘ(��(�6��g�Mv�6ɅT�#�T�w��4�3��t�� .Er�g�@��#p?��e��I�S�q��t��83�<e��Vx�� J��I��0�JtV%y��VQx��d��?��s�ZҙI6� B�{>|w�Ui�M��SD��5�"��>I��wh�|�ܵ�L:��S^��R�𤅨�g$��M�w�y5��K�(m��It!)b��Mk!a��x�)��p�$��W��I�2X�!��U" ��6Nt��Ôd, ��XYS�:��>�zA� v-��1��8�<3|hy �4pH`�� )~�KRu�OUۼ&P�z��A��9��{��r1��G��c<L"8��+�ue�V��ص� 0��l��ϧ��cs&݆ț�<dC��i��Yt8��}�� s�4��> }�L�p� fxC�a��̅��H�ͷ;I[�eǧm��.b� pӞ5�ݳw��ҡ��q��o�-�1Y�;��z��)*� $X�k�4?��0a�ΔVMW��G�K0��,�s��cJ/h�� v��Q�DVe=�ye�K��O�Cz}��l4��a8 }��l�Z��ݸ��t�:+6|�(5.u��M�_BP%6�fd�0��.�� K�M�Qx} �,��e<��~j T��\��B�.��9O��T��n4X;��\=(\35�4��a �tC�3��蚨4�l��L+�$°��>��G~O�F�Cl��y��)#2��Ŧ��%A�4yp��p{_[J�Xƌ�^ ��8X%��^ø<�\^�C&U@�J��Ɩ#��e��O�c�Ãl@��N�c:��",�:�x��e��7��p��R��Ӛ��!�x0�S��*C��ir8b��r�^4�I�9��'S��B�wfj�[�2�i�q-R�1��h$��=��R�O'q��V�� WJ{� �O�J>�d�UA��Z%{�es�+_�˂��*F7I<)��9��K��~�p��(��|��C�s��4�o��ͫ-��N`;�NUQ�G�S�<��~9��zx��;F$�B5��ލ_V�%;N�,}P��-(�C��R�C e��֮<��C��%DH��i��q�LBn�XC0�Lj��ʃh!8��h�.��KQ��}�e��w;��)��qBcVN�� M��aHx}vo�=�� 4Υ�k��1s�� Y� 2�N��0)�NX<�oYʩJ"D9 6m��"��[��==1C��&�#��t�b��i�{|��e�� okl &l͹,ؕ1�S�~�PZ�X$9��ALU� V�r�1�.�;�#�G�xfMkZ�=��W%.�5͋��"1`^��o��Z�ȁ��C�Cz�=�� |��8�w�t�( ��31��$��X��+ 8$��k� Hщe�g[�4� ��"�7� ��H��u�{م��7�O�ށ]f%�B��^�� h�WE��Q.8�W�d��w�J�`��*��4��fwrs�m��:7d�U�p�[�Y�y4��#�J}h�?�FX��J``L��k�h�Fd�4$M4�.If��L�L�{�: <�G�b�#�4ҵ��M9k��9��TA��M�iMy�d%=�@��;�3��;{��J��u�l�ER�A�=��}�&��ݕ�p��~��1��z��h1��#��Ϡ�@��|}<Z��wITd��b�) �<��B�=*��w�-)Y��K��||q�9I�o��ӳ;FT�1��Q�D�(�r��w��Փ`l"n�3�﬇d�>�ԾO�(r��J�� me`WJ�@�d�<\*�$b��#2�Uk�7��!]<�ʶ��^��J�*�7X��K��bޖTyQ*j��[��]+��!�̗#m��^F��ݏ�sR�� Sqħdxn��B7R-lM��zi�s��J�5�1"��:O\��L�?$v�z��E�BK��;UB��␰q��Y�+X�x�� h��@e{C׬厵��\=�(>�ۿ��}(�˧U��-�7sb��,/�1-�G�t^��f� k�}3��g�:��r��݌7S��V��(�(�ITPs�nv�ʼ��1��n��%. \�yv7�:�E;8�iJ�w�(,ӟ�l��l}�v�xS�&��AK�[��^h��&K:B�Ƭ� B,�6k�^/a��b8� 3˚܃[��y�d)�w��(�j�ԏ��(FjO��n+��A�` �u�8:�v�4mLK;��S��Kk7��c�ߜR�㔗.��H��]G�ni�p&� �^q[�� ֐�,��?qM��`��CK��/��)�β��=Qִ9�ĊPL,$(Rj��u6UJ��UB3��f�+��jFK�⊊JHQ5N纪%��v�m{'�q�4�Gx��~��z?O7�Տ��A�� !��j��P��V`��x��s�E�Ub��wE��>�^j�EI�zN\�o�C�f�&b�ص��zp�#�j 3�V��6�K��N�4r#p�ʊ�� Hѐ��$n�Fk��~�W<O;��aE

Sections

.text
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

820ab95fb5e179c5f6e8238c5af71d39

Headers

File Characteristics

Imports

comctl32

psapi

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: - Virtual size: 56KB

.rdata Size: - Virtual size: 12KB

.data Size: - Virtual size: 2.3MB

.rsrc Size: 12KB - Virtual size: 15KB

.vmp0 Size: - Virtual size: 1.5MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 4.0MB - Virtual size: 4.0MB

.text
Size: - Virtual size: 56KB

.rdata
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 2.3MB

.rsrc
Size: 12KB - Virtual size: 15KB

.vmp0
Size: - Virtual size: 1.5MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 4.0MB - Virtual size: 4.0MB