102152cadb150a20462a87499702286a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

102152cadb150a20462a87499702286a_JaffaCakes118
Size

444KB
MD5

102152cadb150a20462a87499702286a
SHA1

451d56ce594bf77f002cf5683542c68eebf27907
SHA256

f3cd777bac62bdbb0a9aacd4d370093cdf1924d1d62dccce29a6ad80e9e5160d
SHA512

72c32752bed5c5363e11e72b15b11822501878740750e59edde56bf6caea35bc1a641294e5a62174be6ae1012fc14897343af2cd2b0b71c518db03057c0081f7
SSDEEP

12288:sJ4yY16yA2TlroWzgtkpEMAkgREgTo+H:sJ4yiroWz0pTo

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
102152cadb150a20462a87499702286a_JaffaCakes118

Files

102152cadb150a20462a87499702286a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nsp0
Size: - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 400KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 85B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 776KB

.nsp1 Size: 400KB - Virtual size: 404KB

.nsp2 Size: - Virtual size: 2KB

.vmp0 Size: 32KB - Virtual size: 31KB

.vmp0 Size: 1024B - Virtual size: 528B

.vmp1 Size: 2KB - Virtual size: 2KB

.vmp0 Size: 1KB - Virtual size: 1KB

RCryptor Size: 85B - Virtual size: 4KB

.vmp1 Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.nsp0
Size: - Virtual size: 776KB

.nsp1
Size: 400KB - Virtual size: 404KB

.nsp2
Size: - Virtual size: 2KB

.vmp0
Size: 32KB - Virtual size: 31KB

.vmp0
Size: 1024B - Virtual size: 528B

.vmp1
Size: 2KB - Virtual size: 2KB

.vmp0
Size: 1KB - Virtual size: 1KB

RCryptor
Size: 85B - Virtual size: 4KB

.vmp1
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB