fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118 | Triage

Sharing

General

Target

fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118
Size

688KB
MD5

fe190fa19206fc7f07bd4d8408190dcf
SHA1

58258c31b2bd81485cfc1d6452fa418730f93879
SHA256

d0b2758fa189a9c465ce6500f7f225ea6201c217af1cd80f095e10c5baef9643
SHA512

e6ddc82179fd90d0e5ac4fd60fdacfdd07a5869102e6882a3adfb26ee5882efc7c9b9afe922cbe41f14f2408dc781e20cbb56a61c19c65e9578f21ea9ff53409
SSDEEP

12288:z0jO6UKCkocDrq9HHXLMzmM4z9bKScZtmB/338F3i2jFKeH01g4+z:Z8ocCXLKmR92ScnmF338Fyhgv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118

Files

fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

820454fe7618f2888226d092b903251e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5875

msvcrt

exit

kernel32

WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsIconic

gdi32

CreateFontIndirectA

shell32

SHGetFileInfoA

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 680KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ