0891351d785457646af51a3121f75f1d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0891351d785457646af51a3121f75f1d_JaffaCakes118
Size

91KB
MD5

0891351d785457646af51a3121f75f1d
SHA1

f4e2683af64860ea84efc1f309ad89735c1844a3
SHA256

d26f5dcd8b493c94d49a805bcf73006da088828dcb6a6be3c30f9b1bb9c9cd90
SHA512

a2a69a16b62d6fa31dd0e9ff101260934678e85d897dc79452e37937cbe94f6e8de57b9a98f4d4b7100263b16a28b49f8e3f2b2c102b2be2110a24aa12996b50
SSDEEP

1536:15g426qx1JTi/Lb0Eb51jlljs1nRXDir7mYUHIEkB7Y9k4W44aUa6BilK44tbN:15g426ec/P0EN1/WJDiuYbB7Bxko0cR

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0891351d785457646af51a3121f75f1d_JaffaCakes118

Files

0891351d785457646af51a3121f75f1d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8f553fafbe0ece9d080f14f5c71015d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

_XcptFilter

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE