f997ea22ea2e5fb00342cf4e8358a1ab_JaffaCakes118 | Triage

Sharing

General

Target

f997ea22ea2e5fb00342cf4e8358a1ab_JaffaCakes118
Size

1.1MB
MD5

f997ea22ea2e5fb00342cf4e8358a1ab
SHA1

03b660ce63e1ef698064092331cc7ac9c0eefc15
SHA256

20d793c765d5d8966bf8f52d6c3d2f0efd42068de2301566e98eef468099c093
SHA512

28f5bded3fb4b1cdddb11c3db2282676e38847cdd2039f4e5b4302cfbc6c208c85fba23b1f185b04266a65cc33044c8580aa5e5b10b37bb5a5b1930322426567
SSDEEP

24576:FXf+nj77fdMFhhspsIxUd7lyKAD64OwvQ932WWLhvo7hzo7jll7HiqI:Zf277V4hhsps+UjyKAqwvQp2fLWN87pq

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f997ea22ea2e5fb00342cf4e8358a1ab_JaffaCakes118

Files

f997ea22ea2e5fb00342cf4e8358a1ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c30ba8faef7eda7fe7c18e06e3d0e32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord528

user32

MessageBoxA

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE