1c0225bdf8e7c7fc956ab3d212e75c10_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1c0225bdf8e7c7fc956ab3d212e75c10_JaffaCakes118
Size

524KB
MD5

1c0225bdf8e7c7fc956ab3d212e75c10
SHA1

bec5cf0c2ab8802229ef5c27a28f021db3241ff8
SHA256

6fe20ff062b6984db3b53409681f9effd51ba1f8d52583ba932148ebdf753435
SHA512

3b31ede8b4296c7b660fcd9f9aee9480e211bd9e438165888cee3e7e45a286281e46fcfac975a6f5c7051b3b536b8b318331400219a98bb23361366f38d86f95
SSDEEP

12288:P3dia0V/LcQzxKfptPZ8aS833molJV4N5SMsD2Ksy/LWC21W:x0V/LvzwRoSmolJV46MesKLf21W

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1c0225bdf8e7c7fc956ab3d212e75c10_JaffaCakes118

resource	yara_rule
sample	vmprotect

resource
1c0225bdf8e7c7fc956ab3d212e75c10_JaffaCakes118

Files

1c0225bdf8e7c7fc956ab3d212e75c10_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1e046385d6405c07a1fa0882550cce73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
IsBadReadPtr
MultiByteToWideChar
OutputDebugStringA
Sleep
lstrlenA
GetCommandLineA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetSystemDirectoryA
GetLastError
GetModuleFileNameA
CreateProcessA
DeleteFileA
WinExec
GetCurrentProcessId
DisableThreadLibraryCalls
lstrcpynA
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
RtlUnwind
HeapAlloc
HeapReAlloc
HeapFree
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadCodePtr
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA

user32

SetTimer
GetAsyncKeyState
wsprintfA
KillTimer

ws2_32

gethostbyname
send
closesocket
recv
connect
htons
socket
WSAStartup

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 444KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e046385d6405c07a1fa0882550cce73

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 19KB

.vmp0 Size: 8KB - Virtual size: 4KB

.vmp1 Size: 444KB - Virtual size: 442KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 19KB

.vmp0
Size: 8KB - Virtual size: 4KB

.vmp1
Size: 444KB - Virtual size: 442KB

.reloc
Size: 8KB - Virtual size: 4KB