075a1925c413641c5391b9200f8b677f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

075a1925c413641c5391b9200f8b677f_JaffaCakes118
Size

972KB
MD5

075a1925c413641c5391b9200f8b677f
SHA1

064fca0db8c9084a267b1f0ce59038a6c409fa2c
SHA256

cc5537863ceaab1c4d24584afc0bebc51fb65072a166a97d5d7a3409af1323f0
SHA512

c1715248672766582345cebef4a2da5a4daab9ebce1c3a74a7b905448225880355e4588e44a6e275df719b529b405e78660d6645ea06e7bcf329d9aee2af5b48
SSDEEP

24576:zwp5Ls1eMMLOCmDfpp2hJdC0tHKwHAt3MsfdnPG9C0H:zwj2Zp2MQRsk9C0H

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
075a1925c413641c5391b9200f8b677f_JaffaCakes118

Files

075a1925c413641c5391b9200f8b677f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

613bc8dd3a2a7acaace062ab18b38640

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
lstrcpy
VirtualProtect
ExitProcess

comctl32

InitCommonControls

Sections

Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WinLicen
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 960KB - Virtual size: 957KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ