7742ea51a7d42c24c8f14486e0f8ea33_JaffaCakes118 | Triage

Sharing

General

Target

7742ea51a7d42c24c8f14486e0f8ea33_JaffaCakes118
Size

1.8MB
MD5

7742ea51a7d42c24c8f14486e0f8ea33
SHA1

9d5344689db9de4f447fc0bafc2d652c278a4871
SHA256

ebc8f263fd5391bc0352af40b7859b093742fe27a5bb7f90e6a55fd12667a2f0
SHA512

3c434d87aeeefb9166a3aed76a00a28e2d443f17c9b70a4e83df7743a92f98bf0bababfab96ddee7c287205fd2ac4598c252373a741389def5ad912d72e58a87
SSDEEP

49152:WVd8xZGhCHCdUBlcYiVz4+AH/jDkMVcbnuVNiDO5r3hzKMA:5ZGh2GUEV/RGcDuVwDO5rx2M

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7742ea51a7d42c24c8f14486e0f8ea33_JaffaCakes118

Files

7742ea51a7d42c24c8f14486e0f8ea33_JaffaCakes118
.exe windows:5 windows x86 arch:x86

20316e7bcbeff296bc3ecf65e7e9be84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

ole32

OleInitialize

oleaut32

SafeArrayCreate

wtsapi32

WTSSendMessageW

user32

CharUpperBuffW

advapi32

RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ