1b8f3685fe8e5151d81e8fe2479ff1a6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b8f3685fe8e5151d81e8fe2479ff1a6_JaffaCakes118
Size

461KB
MD5

1b8f3685fe8e5151d81e8fe2479ff1a6
SHA1

16a591846689814691d7e4f95319233cb6c19b6b
SHA256

b4cc5c0a0c436c6e0b7fb65e557f4d88f9a4f5780c0dc9fe02bde95ec69d6b28
SHA512

0b87af993286a78d460794f1fd84cddf1a7be14f124a03978992726bec0e4afbe4f6491d445640f491731996bec23f55d85f825dd3ebecfcabad71e2342bc53d
SSDEEP

12288:p03cXKUoSaFcRRd09NcwKQdyEvZGgbFzb6:p03c6hcRboK4vcgbFzb

Score

7^/10

vmprotect upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1b8f3685fe8e5151d81e8fe2479ff1a6_JaffaCakes118
unpack001/out.upx

resource	yara_rule
sample	upx

resource	yara_rule
sample	vmprotect

resource
1b8f3685fe8e5151d81e8fe2479ff1a6_JaffaCakes118
unpack001/out.upx

Files

1b8f3685fe8e5151d81e8fe2479ff1a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f6ebfcd440d73ebb81f959333b33a938

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
ExitProcess
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetTickCount
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
FreeLibrary
LoadResource
FindResourceExW
MultiByteToWideChar
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
WideCharToMultiByte
DecodePointer
EncodePointer
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetStringTypeW
IsProcessorFeaturePresent
Sleep
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

rand

user32

wsprintfA
MessageBoxW
CharUpperBuffW
wsprintfW

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6ebfcd440d73ebb81f959333b33a938

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 35KB - Virtual size: 36KB

.vmp0 Size: 1KB - Virtual size: 4KB

.vmp1 Size: 387KB - Virtual size: 387KB

.vmp2 Size: 34KB - Virtual size: 34KB

.rsrc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 124B

.rsrc Size: 62KB - Virtual size: 61KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 35KB - Virtual size: 36KB

.vmp0
Size: 1KB - Virtual size: 4KB

.vmp1
Size: 387KB - Virtual size: 387KB

.vmp2
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 124B

.rsrc
Size: 62KB - Virtual size: 61KB