1b2b2cbf8229dd847f02d06c7176e9b3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b2b2cbf8229dd847f02d06c7176e9b3_JaffaCakes118
Size

5.3MB
MD5

1b2b2cbf8229dd847f02d06c7176e9b3
SHA1

fb6cfbc3bea7c58dac5c60a357dbb14f837b744c
SHA256

2efe52df7c398d92dabc42b1eca8bf96576a3f19763cc15d692bda52132123d8
SHA512

e8f3c575be63798dfa0021872212d4816db635e3737b8f9f98e0966ae7b277e42e6af1a9d441842fd3a57e9ff6d57d56c7b8e3bcc18d920df424da847b564ca1
SSDEEP

98304:dK5V69rPjYbyF7/YrLaG7oRrJowe7q8wUcRFIyf8BPzQtouyboe/rFBwA:dK+9rwIcfaCoVJozq9RFIyESou0Bw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1b2b2cbf8229dd847f02d06c7176e9b3_JaffaCakes118

resource	yara_rule
sample	vmprotect

resource
1b2b2cbf8229dd847f02d06c7176e9b3_JaffaCakes118

Files

1b2b2cbf8229dd847f02d06c7176e9b3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4c437374c9e1f35a678d082b7683706f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetForegroundWindow
MessageBoxA

gdi32

GetTextMetricsA

winmm

midiOutReset

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

inet_ntoa

comdlg32

GetFileTitleA

msvcrt

malloc

iphlpapi

GetAdaptersInfo

psapi

GetMappedFileNameW

Sections

.text
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c437374c9e1f35a678d082b7683706f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

msvcrt

iphlpapi

psapi

Sections

.text Size: - Virtual size: 7.0MB

.sedata Size: - Virtual size: 1.1MB

.idata Size: - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 12KB

.sedata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 4KB - Virtual size: 72B

.text
Size: - Virtual size: 7.0MB

.sedata
Size: - Virtual size: 1.1MB

.idata
Size: - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 12KB

.sedata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 4KB - Virtual size: 72B