19c352fc87c76fe1ae041cb6cc3746e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19c352fc87c76fe1ae041cb6cc3746e2_JaffaCakes118
Size

4.7MB
MD5

19c352fc87c76fe1ae041cb6cc3746e2
SHA1

acf68906c3a60070939646747c95b6e9700d56e0
SHA256

e08c765ae9c0367b214b13a679956ad16cce552f0a50628c402d2a95b5ee0a9d
SHA512

353e6e986a9d0f4d7a78f8ba5abfb3a12cfa8336b3b6907d7cc751b15fde2b36d75199e4c0a56fa0df46a0d0295afd0471af1fc81164e328495d8a4f2fa94fa7
SSDEEP

98304:mbYqGOED0bBKmnTgwDJJxiGJqyG/YfFLZ43QTSdXG0zv:uYqGZAbBgsJximfFl4gCtL

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19c352fc87c76fe1ae041cb6cc3746e2_JaffaCakes118

Files

19c352fc87c76fe1ae041cb6cc3746e2_JaffaCakes118
.exe windows:5 windows x64 arch:x64

898e0646e98ebd753eaf19d43063a408

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.obnx
Size: - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ