1b2c1352e87114103ec76996738e3c49_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b2c1352e87114103ec76996738e3c49_JaffaCakes118
Size

1.5MB
MD5

1b2c1352e87114103ec76996738e3c49
SHA1

398f60ce9087b7cbecd6108eba70c867a8205428
SHA256

1cd18f06f69e00f212bceba4b149eee6ff820e27c3c929f4c315061696069f22
SHA512

7c7f4eacef92f998d75cc31fb05c4d8f1a0fe808862975671c5709f300dfb48ffe649f3406075f2f2c23d8e350d921ecf92da33affd5c132106eb162edff7732
SSDEEP

24576:7qRoXbnVg74xPkmh6EcW2bVMeMGVSu/mWGK1djzXv:tLniMCmh6EcfVMOSkm1K1djLv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1b2c1352e87114103ec76996738e3c49_JaffaCakes118

resource	yara_rule
sample	vmprotect

resource
1b2c1352e87114103ec76996738e3c49_JaffaCakes118

Files

1b2c1352e87114103ec76996738e3c49_JaffaCakes118
.dll windows:4 windows x86 arch:x86

af2cbd27ec8b039a3073c15884406a25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup

user32

CallNextHookEx

kernel32

LoadLibraryA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

��| �^�D��w��U@H�]�L�� Q�"x��j)/��P�? ��m̠n6*�~د��8�Ē�U��2F�݁a�a~�6��C�u&f�.��G�@�]�X-O��dÔ�r�5��,Qk��2�U�m��*�Q��Аŗ��v��`ӿ@?G�ۅ�ү"V�8nw&`R�y|��d��Le�^H nY�:�}˶�BmqJ� ��C��QO]�y*�/ed�O0�Y�i6��#'7:�4A��6�Q��d�L�5M��dA�+}$y�V^Y| xc�jQh�9U� 4�}�';_i"��Or�īG��&t��_{p[u{�>X~�7��%T�?�Q��(y4�� Զ�ŖW�MmN��"�� |�m" �鍮m (��ݑ� �L�j��f��;��{� �n�(w��I�o1I*�9�:9��)�4��Ad��0INx ��ߥ_�U��d�;��y�HJ$��0�!�(v��с@��}�oא��v A��,�^��pW �{[��5��"2F ��}��D��_M��Zo��F�M��P^��<}��gJ� �ik��P|��۶�hyo&=1j֒�\��ʃ0櫋��*��t�b�h��&"��,!ژ�I��`�[ŵ�r�(;�~� �G,�#� ��VeᲜ��^f;c��=��/ |�ܮj̚i|$PV�&��{��b��e�}�Cm�B��8�i�\�t �VH��@�hU%@F&�O��x �w�5e�;o��8��d콰`�"��e�Z�=��GNk<x*��F��C`��w�9�M�|L��M7h) ��^��'��p��E�:A�ךH-CFo��K ��t3�� tO��[Fx7љ�I6XC��8��7�%�٪�x�d.�C�!W�\��@T�@�S�⚑��1!��Z ��`b��<�J=�$H =*�g,~��6c��T�� %z�z&@��mߓv�h��\O�2\�c�ą��Ihv��~��\X$��L��k/�y��=�wQT�p�h��*_XNkP�RVR��v�X��Ԏ�{��6 ��+N�TP7��*^�p�aa�}ΐ_F��ԲӔ�$�송v/S�@;��a�}� /@lZ��"��pǞ�&�g�o@O��N-4�px��<�6��@Eb�(�&:3`��1��I�J�K"b��tWL�Y�=i�3p�h�� ۛ=�� BiTZy��@rs�}��^.Х\4}^c۪��6Mgѫ�o��u{F��|\��i��~(��t��n�'>�V��Ԟ0J��R��^��+GrY�tq6L��1��\W�"Xn�e��F� � w� ~C/J��g��S�P^��uY��D�L�4� p|��g�,н��ǧT��+��z��C (��O��ǶĖ��I�=��K!{��`t��lε��T!��oi��:�2cIbE>�s��xEآe��$1��I&��^��^E��bo�B��B_!�fH&%�ύ'�� e��w��M��2� ��X�O�fN��+��Z'$h�s��5)t4�[Hl��rL|F�m�a��`�Y�}K�ϝ��mw�3~��gݶg�"s�(�]��;W�_%��^tl�m9�v��8�\:Y�˯q��vUyX�b��{�x�e�',3��}��+�p�o�%��i�t��4?~E��yXry6#��q2��{7R<��\:�e�u`��h�4�4�~>Ҵ2��C�dD�x}� t��{N-� ��F��o�&P��S�{��?��/��t!/ӽ��Q6�_�t�Չ��b��p9d(IŁ�TbW�^��2f/m�O��͟�ɒu�mX�Xڌ��D�\��u"T�=l��>��j��h��w=ay�O�Y�+��az!y��F�xS��:0�p�2�$��W�:�"��U��U ��l�� 2��qz8?�`Z��,h�ߦ�DG�6��m��h+;�*�i��^n|=]R%�zY1�JD�b>N�7�&�!��gV:.S�߇�E^�k�8�ﬨh�Q �2�!�*�^ )m��Xt),K��O<�2��u��o�H� ��>QA>�t��c8��SNy_�#_@�h�h�F5�m� �a�w"c?�,�v�I� g�a<��N��u��;4.)~S7�Ԣu>@��,"r�N`2� �]��wDK��N��f��Ud i�n�Eh��{C��6�ص��2�3�䞊� T�Xhn��M��^z��H�m~WD�hb��ؓ�E��xs!��q��%L��܏�џ|6�{��;/��B��?�[�> W�ˉ��b1Q�-3��Ƴ T�>3J0/�# ��l-Y�G|Lf�FPE��w��P��7`��,U3u��v}�t��~[(G��H.OMy��h$�&�t#w�ak� %<�[HD��a�� R~NO*w��Xڧ� ��<�%�� E��|�6a��~�-O��Ҟ{��1W �1k� n}8W�.�x��RuI/��"�c� �M� F��7��5��n��e��%xE��"Na+n�tsBI��Q��m��c��u7Z��7zW@�q`һN$�J��s&�c��R?v�7Ϙ^�w��x�_�n��YJL5 pa�݈N�f�E��x��X��2wa? ��+;��L]Yg-"x�+ɡ{��&E[�|M�`UQ(ru�x��F��`�]3=p>�� vN��a��y%��F��j��N-� g�rϼ6 oB�يe~�}y�q��+��Z_�+�!0�>A%��6Q��Ml'��xK��@��ޫ̞��k�vi@6 �+�{��໒�pG �� H��,�}
ComInitAcc
ComInitAccType
ComInitAllIps
ComInitIp
ComInitPort
ComInitPwd

Sections

.text
Size: 664KB - Virtual size: 662KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 704KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af2cbd27ec8b039a3073c15884406a25

Headers

File Characteristics

Imports

ws2_32

user32

kernel32

Exports

Exports

Sections

.text Size: 664KB - Virtual size: 662KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 30KB

Shared Size: 4KB - Virtual size: 824B

.vmp0 Size: 16KB - Virtual size: 14KB

.vmp1 Size: 704KB - Virtual size: 701KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 60KB - Virtual size: 59KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 664KB - Virtual size: 662KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 30KB

Shared
Size: 4KB - Virtual size: 824B

.vmp0
Size: 16KB - Virtual size: 14KB

.vmp1
Size: 704KB - Virtual size: 701KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 60KB - Virtual size: 59KB

.reloc
Size: 12KB - Virtual size: 9KB