747e5749ed034b564768d3f3d2bd1d91_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

747e5749ed034b564768d3f3d2bd1d91_JaffaCakes118
Size

5.2MB
MD5

747e5749ed034b564768d3f3d2bd1d91
SHA1

811b24f5ce290b00b088664429a6fce24fa1d932
SHA256

228deabcbb5ad4046936600df8a1305e4bde1b3955de6319badc956a07d66d9c
SHA512

d96536f8b3d471ef944952b9be98f7798e15f3553e66321842023e53f42fb8cff5a88eac7f3f8f90d4d882b43705ef6f55af7165238e9709b1a4cb947736e899
SSDEEP

98304:chMcfWR3lxkPM/dFq94VGz7ZR6CkK7UJayqX+RpdRtWBcPlO+QREqlXY39M0Gci4:cm0MlU4VM7Z57U8hORpdRtZP2lX5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
747e5749ed034b564768d3f3d2bd1d91_JaffaCakes118

Files

747e5749ed034b564768d3f3d2bd1d91_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0f95a431ac4033f952fb4eecc31cf15d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

OleInitialize

oleaut32

SafeArrayCreate

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ