ffc5277b1c0871613b8950b70bf70809_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffc5277b1c0871613b8950b70bf70809_JaffaCakes118
Size

236KB
MD5

ffc5277b1c0871613b8950b70bf70809
SHA1

c2736ca482c868d0d297d359ec297be8b2ef9e22
SHA256

ec8e8a38e70db8e12d9ab67ea8b42b3ca22dde5245656e7435fd01a4866ec764
SHA512

ca603ef3dbe0a1bb2e7af7bc768652f125d1b38a7b7e2ca8fbdec3058ecbb6c7810070c974e998e02f92b9b6b9bb106fe5f6f545dead0c377cf926254bb9736d
SSDEEP

6144:A5CWqvX715zlERLgWxvJ1bEJyQz6HP7T5:AEWqD1HGxTbEJyQzSPR

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffc5277b1c0871613b8950b70bf70809_JaffaCakes118

Files

ffc5277b1c0871613b8950b70bf70809_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f23cdd2b6d1a72d6a5999753e10dcc77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetVersionExA
HeapAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

iphlpapi

GetAdaptersInfo

Exports

Exports

ExportsData
GlobPointer
GlobPointerPartiton
cdfc_devices_devicelist
cdfc_devices_exit
cdfc_devices_init
cdfc_devices_patitionlist
exit_hdd_vender
get_hdd_vender
init_bitmap_free
init_bitmap_get
init_bitmap_init
init_bitmap_set

Sections

.text
Size: - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ