896d4e452946b17b64a85779a9ae9f78_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

896d4e452946b17b64a85779a9ae9f78_JaffaCakes118
Size

1.3MB
MD5

896d4e452946b17b64a85779a9ae9f78
SHA1

6f5f67fb53b4fe761f58a7767874a083471cb491
SHA256

f3d08dbd85970b23c7348904c1af3a8667d65c508495bce8591f6143afb094e3
SHA512

0c7c0b6cc094e21ed9e2b2a68f82d86fd01f99323d56b11541ed4a71b838e1c0518bc1f28a9493aba68368ba4e279fe28093cc40e694f6d479bf006652377b7a
SSDEEP

24576:fqI9XNzeOGdNZcO7e0CmEck10fWs6KNFyiCIpcKvqQu:SI99zZGlNe0CHcpfJVNEiCIpcKvq

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
896d4e452946b17b64a85779a9ae9f78_JaffaCakes118

Files

896d4e452946b17b64a85779a9ae9f78_JaffaCakes118
.exe windows:5 windows x86 arch:x86

872056a4999ca7343cdb483228d6d26e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ