1b7b40073bd3ca17332ab591ca11e721_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b7b40073bd3ca17332ab591ca11e721_JaffaCakes118
Size

904KB
MD5

1b7b40073bd3ca17332ab591ca11e721
SHA1

3474c74788c5edb34ca5523dee7710644d348355
SHA256

c627b13c61517b223090739ae036fdd26fc442cdf57a8734f54c3e958b95d9e7
SHA512

d16a4f11ec419d2abd71ab05107b18a48504450a6773ba6d63b759388471ab15623eb0fdfbe040605b2fdde3d76a137ca0f681b89723e8a85deafdb5c565a1e7
SSDEEP

24576:JV0UwmI9qKdXKOPp3Q1wQgrKOvzs7wgQ7Sc13sef2CW:kmIUKdfhQ1S+Ovo7wX7V1Rt

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1b7b40073bd3ca17332ab591ca11e721_JaffaCakes118

resource	yara_rule
sample	vmprotect

resource
1b7b40073bd3ca17332ab591ca11e721_JaffaCakes118

Files

1b7b40073bd3ca17332ab591ca11e721_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8a0dc28c63568fa45298a03b4ca0c838

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

engin

?CreateShopItem@CData@@QAEPAUtag_SHOP_STRUCT@@H@Z

kernel32

GetStartupInfoW
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

CharUpperW
MessageBoxA

gdi32

BitBlt

comdlg32

GetOpenFileNameW

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

Shell_NotifyIconW

comctl32

ImageList_Destroy

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries

olepro32

ord253

oleaut32

SysAllocString

Sections

.text
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 892KB - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a0dc28c63568fa45298a03b4ca0c838

Headers

File Characteristics

Imports

engin

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: - Virtual size: 204KB

.rdata Size: - Virtual size: 52KB

.data Size: - Virtual size: 31KB

.rsrc Size: 4KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 660KB

.vmp1 Size: 892KB - Virtual size: 890KB

.reloc Size: 4KB - Virtual size: 36B

.text
Size: - Virtual size: 204KB

.rdata
Size: - Virtual size: 52KB

.data
Size: - Virtual size: 31KB

.rsrc
Size: 4KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 660KB

.vmp1
Size: 892KB - Virtual size: 890KB

.reloc
Size: 4KB - Virtual size: 36B