14e96ff8fa1f3900123831a785747847_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14e96ff8fa1f3900123831a785747847_JaffaCakes118
Size

194KB
MD5

14e96ff8fa1f3900123831a785747847
SHA1

ee514372ae2848e80c3551c87b2138b007b0b5cc
SHA256

a00f226ee0e67e60f53d3f1b80eeb9504ac0531da46de942d9e041f1ef9a16f8
SHA512

2245bbcb4b602d63a4575beb02024f4537f9d466b8a7b8f9564c2479d335eb09f8f387f95b687b663ea4d0a50378eb2ed8a3c1ad2c23f39ff04b073235782b85
SSDEEP

6144:bffw1mulgv2Naxda4Jh/4P9KEPveZVqvg7:bXkmCgra2hCKEPvMWO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e96ff8fa1f3900123831a785747847_JaffaCakes118

Files

14e96ff8fa1f3900123831a785747847_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c04325c5e6789af05001e33a0a7a9e5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

advapi32

RegOpenKeyA

Sections

.text
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ