0df735dee30be573ce76fbc70076903a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0df735dee30be573ce76fbc70076903a_JaffaCakes118
Size

104KB
MD5

0df735dee30be573ce76fbc70076903a
SHA1

57cd1f9895b38c3fa803638b05233bf6c5fabefa
SHA256

90dce062a5d6aa991d4552caa09533f340305eb504413dca9f74861680b6e6a0
SHA512

61fea491b6b9835351b373671eba472faaa4e5572794b22f597d46958714f34b49815620b478daed292a4ea5243c4c0606df1cc2411c11bdb2db113191cf2687
SSDEEP

1536:GnDhC7/Jb9RD2pDtCEQDx9s6zH7Sv0MfLu77z7aPPvicF3wKcUeMp3B7p+D5je:ehC7/JJc3CEeDzYfLGKX/VdF3B7pw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0df735dee30be573ce76fbc70076903a_JaffaCakes118

Files

0df735dee30be573ce76fbc70076903a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7816e5d3eda301e02a0ec41f385c2c66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

wsprintfA
MessageBoxA

setupapi

SetupDiDestroyDeviceInfoList

hid

HidD_GetHidGuid

Exports

Exports

RY2_Close
RY2_Find
RY2_GenUID
RY2_GetVersion
RY2_Open
RY2_Read
RY2_Write

Sections

.text
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ