1b5db4a5f104fa735c514aa6aee09039_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b5db4a5f104fa735c514aa6aee09039_JaffaCakes118
Size

1.1MB
MD5

1b5db4a5f104fa735c514aa6aee09039
SHA1

399c7c9ba76edba489b9198126736c812d2aff90
SHA256

039f640a7359b07681a93998b2292cdcc5b4250394b445ba71f90302739da4b1
SHA512

df8c70aec00fdd2ead727d510ea5e44bb4b04f02705f6d7d5acf00aa744809c69a69e5ecf49378588103ac068e14ed93f72c93a808914c295ef82574718b28af
SSDEEP

24576:nCKcyKz2Z1vnoSsaZcvRiyIo/JwMJ2BTlXcQ0ZU9n8D5qWBI:CKcyK4nsvI2Uh53cot

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

1b5db4a5f104fa735c514aa6aee09039_JaffaCakes118
.dll windows:5 windows x64 arch:x64

68f3921c84ed7c7d7edea1942a2dca26

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20-09-2019 00:00

Not After

19-10-2022 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,O=Feitian Technologies Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20-09-2019 00:00

Not After

19-10-2022 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,O=Feitian Technologies Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a2:b7:42:dc:d9:57:40:68:7d:48:94:85:66:f5:43:84:35:59:7a:b8:61:9a:3d:e0:87:f7:75:0c:8f:c6:73:4a
Signer

Actual PE Digest

a2:b7:42:dc:d9:57:40:68:7d:48:94:85:66:f5:43:84:35:59:7a:b8:61:9a:3d:e0:87:f7:75:0c:8f:c6:73:4a

Digest Algorithm

sha256

PE Digest Matches

true

80:18:55:4a:1a:65:ae:f3:33:a4:dc:44:f4:b0:bf:e3:4a:a8:36:23
Signer

Actual PE Digest

80:18:55:4a:1a:65:ae:f3:33:a4:dc:44:f4:b0:bf:e3:4a:a8:36:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

crypt32

CryptVerifyCertificateSignature

hid

HidD_SetNumInputBuffers

kernel32

GetVersionExW
GetVersionExA
GetConsoleOutputCP
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBeep

gdi32

GetStockObject

winspool.drv

OpenPrinterW

advapi32

GetSecurityDescriptorSacl

shell32

Shell_NotifyIconW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW

ole32

CoCreateGuid

oleaut32

VariantClear

setupapi

SetupDiEnumDeviceInterfaces

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
E_GetAuxFunctionList
eb_SendMessageW
eb_TrayIcon_ShowMessage
eb_service

Sections

.text
Size: - Virtual size: 836KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68f3921c84ed7c7d7edea1942a2dca26

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35Certificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

a2:b7:42:dc:d9:57:40:68:7d:48:94:85:66:f5:43:84:35:59:7a:b8:61:9a:3d:e0:87:f7:75:0c:8f:c6:73:4aSigner

80:18:55:4a:1a:65:ae:f3:33:a4:dc:44:f4:b0:bf:e3:4a:a8:36:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

hid

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

setupapi

Exports

Exports

Sections

.text Size: - Virtual size: 836KB

.rdata Size: - Virtual size: 247KB

.data Size: - Virtual size: 57KB

.pdata Size: - Virtual size: 49KB

.vmp0 Size: - Virtual size: 510KB

.vmp1 Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 512B - Virtual size: 36B

.rsrc Size: 36KB - Virtual size: 159KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

a2:b7:42:dc:d9:57:40:68:7d:48:94:85:66:f5:43:84:35:59:7a:b8:61:9a:3d:e0:87:f7:75:0c:8f:c6:73:4a
Signer

80:18:55:4a:1a:65:ae:f3:33:a4:dc:44:f4:b0:bf:e3:4a:a8:36:23
Signer

.text
Size: - Virtual size: 836KB

.rdata
Size: - Virtual size: 247KB

.data
Size: - Virtual size: 57KB

.pdata
Size: - Virtual size: 49KB

.vmp0
Size: - Virtual size: 510KB

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 512B - Virtual size: 36B

.rsrc
Size: 36KB - Virtual size: 159KB