0f87e110e01bd5094c7e4325bd8cb34c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f87e110e01bd5094c7e4325bd8cb34c_JaffaCakes118
Size

144KB
MD5

0f87e110e01bd5094c7e4325bd8cb34c
SHA1

ecb339ffe598ce5eb76953e3b3bfbcd9c34a5c86
SHA256

2495bc066da9830335e943e1aa5da38034976288f6a9b22995043a4474b725c1
SHA512

8000a1774c348c509e0c640b40461845a7036ce80c24db0945dffb663bfb6307577de4d80fcec85dc9887251a45b98f7f66c2fc794f9aa1aacc04e97ed021308
SSDEEP

3072:bk+BC3K5eqqFC7JWaVlCbSB3znO17I2+OUU9r+PqzB7Gc:gK7ZJWulxq1Co1gqzB7Gc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f87e110e01bd5094c7e4325bd8cb34c_JaffaCakes118

Files

0f87e110e01bd5094c7e4325bd8cb34c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

465d26967af1346f094e36253f9c8f2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

advapi32

ControlService

ntdll

NtSetInformationFile

kernel32

WaitForSingleObject
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ