5dab6e73afd5e3c7e73b4f5003f8b394_JaffaCakes118 | Triage

Sharing

General

Target

5dab6e73afd5e3c7e73b4f5003f8b394_JaffaCakes118
Size

4.2MB
MD5

5dab6e73afd5e3c7e73b4f5003f8b394
SHA1

70423263f4588db8dc4ad73b1b48eee476da29d3
SHA256

4d27b20738d72f05c725b269b3592f91fe1f8d107b2bdf6f1a66101f68c92fc6
SHA512

fd64e722f7d348573a27c04414454536b3f0fafdb5cfb90fd925f0d114f0c7960bb5d01d3be29fb1cb65491c4d95d0deebebc837f0e976497660a5d8a41f6c46
SSDEEP

98304:0OghJVFG+lTLiUkIo7dkbYtxrETHMU6Lvj9lO6t1IrICgyhg:4VxlTyIk4sUujBQrNj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5dab6e73afd5e3c7e73b4f5003f8b394_JaffaCakes118

Files

5dab6e73afd5e3c7e73b4f5003f8b394_JaffaCakes118
.exe windows:6 windows x86 arch:x86

2cbab221da3d06486b86087bd1d864ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegSetValueExW

shell32

ShellExecuteExA

winhttp

WinHttpSetOption

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ