b5386fd5112a53e7240a9863f74142a1_JaffaCakes118 | Triage

Sharing

General

Target

b5386fd5112a53e7240a9863f74142a1_JaffaCakes118
Size

4.1MB
MD5

b5386fd5112a53e7240a9863f74142a1
SHA1

7f30d748e1ff0803302eda60d01dff7ab08e8de4
SHA256

21d6250b55dedd6700fea90ccdda3134cfe69e91964a9bb6f266c108258a25a1
SHA512

b7da980c36c0670e187e694a92b2815fa3074d44664f7ed24523b952c19df20134dcc451062d01ca4acc345e5ee76fa858ccc341d1571dca9d8caf9c2d82bd45
SSDEEP

98304:Z0s9CHbeFcHsBIhPkKylNbZ/G5DrBwbDwrf6nO5:Z0sgHb12IHylNbZ/2A9+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5386fd5112a53e7240a9863f74142a1_JaffaCakes118

Files

b5386fd5112a53e7240a9863f74142a1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ