ebafd75c74e630208ad4418e78139808_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebafd75c74e630208ad4418e78139808_JaffaCakes118
Size

7.3MB
MD5

ebafd75c74e630208ad4418e78139808
SHA1

dbd4756e55d4bb6689e91f435c3c5c9108df2795
SHA256

bbca2070f5ded2e099f9e7ffa49e3ea9fe4f2460c6144061abb7fa38720b2b1c
SHA512

93294cfbca6f3e3b01609f1f71611957f70240d5c1b1f551dacb16bb3b56da0efb0883c87a9935b1504a13205f3f03da96d6c9786a9a1cd5d7c54bbdb43d0fe7
SSDEEP

196608:OgJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2uJ2:OG2s2s2s2s2s2s2s2s2s2s2s2s2s2s2d

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebafd75c74e630208ad4418e78139808_JaffaCakes118

Files

ebafd75c74e630208ad4418e78139808_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ