0b7e53f90df7fc4a34b8f55efabf86e2_JaffaCakes118

General

Target

0b7e53f90df7fc4a34b8f55efabf86e2_JaffaCakes118
Size

291KB
MD5

0b7e53f90df7fc4a34b8f55efabf86e2
SHA1

bc218491645456e24dac9509e279a40fc1fc8369
SHA256

520b57017ddc37f1b1b85f1952f5aa75468fdc43242bddf52374e950c941b88c
SHA512

e741cb69c7a005aa674e8c09f8992f2f90778cfd984f879520db4527c848bf7caa5a70646fabf8f6cb0036ff6d3a851424d498ffc546a5f95cfa78b1428d8bf0
SSDEEP

6144:V57/5lmCF9B222UGBM2YDoKijltGXuzNaarTazcdul6DU:r7BlmCFX2EGOFDoK0ltGXuzNaarTazcd

Score

10^/10

vmprotect

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b7e53f90df7fc4a34b8f55efabf86e2_JaffaCakes118