148f79770661575fcbb0bbbbb165a3f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

148f79770661575fcbb0bbbbb165a3f8_JaffaCakes118
Size

77KB
MD5

148f79770661575fcbb0bbbbb165a3f8
SHA1

fb5640e8e012dd214fcd9ab89be6399c886c058e
SHA256

1ac21463c823d0ee64567b037518ddfbabdaf5d3c6367f027b3ffb7f529f29b2
SHA512

24c1bbd7aaed634ba5b8409fc5d5323f7cbe11288b7e2d73756706824775ad6ab9c33905e8f5f0bd35d09f16b39a19881844fa772b545ab51ccccc7ed87599cc
SSDEEP

1536:6ND8yFZnd0Q4R6Z3K2g9/sFGQhFsU3sYNIEmniaSd/VjVrQ:6N/FZnyQ/VK2g90FGQhyS1OEmXoJVrQ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
148f79770661575fcbb0bbbbb165a3f8_JaffaCakes118

Files

148f79770661575fcbb0bbbbb165a3f8_JaffaCakes118
.dll windows:6 windows x86 arch:x86

606e78cbdcef67ac28aa6642b76263b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

??1type_info@@UAE@XZ

psapi

GetModuleInformation

advapi32

RegOpenKeyExA

Sections

.text
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1212
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

606e78cbdcef67ac28aa6642b76263b2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

psapi

advapi32

Sections

.text Size: - Virtual size: 20KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 4KB

.reloc Size: - Virtual size: 4KB

.1212 Size: - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 11KB

.vmp1 Size: 76KB - Virtual size: 75KB

.reloc Size: 512B - Virtual size: 132B

.text
Size: - Virtual size: 20KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 4KB

.reloc
Size: - Virtual size: 4KB

.1212
Size: - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 11KB

.vmp1
Size: 76KB - Virtual size: 75KB

.reloc
Size: 512B - Virtual size: 132B