2372181c039c6c6883cd1f9586f3dd82_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2372181c039c6c6883cd1f9586f3dd82_JaffaCakes118
Size

724KB
MD5

2372181c039c6c6883cd1f9586f3dd82
SHA1

3e4483054f6a75bf903c2f717a3e7462f4f32e19
SHA256

86fb06ce7e94540996d199ec3a8336eeefe70271aad4020c80d471f8eba25677
SHA512

0f932f89bf70e672d7dca833e4ccb07249e14a717ef33a38c56c52cc481b8d1145201c3d6bbfbebcc298cc4f8b3f0dc69eb9d04e144110cdd219d115e1a72021
SSDEEP

12288:gd/3u1SuII0i9izl0VKFL6NOmaunhOTpkH2wXXlDmJN8SxYy8Ked7lAQI+aQPzK2:o3uEu9alB6NbaAQIhXJmJNBxYy8b5MIX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2372181c039c6c6883cd1f9586f3dd82_JaffaCakes118

Files

2372181c039c6c6883cd1f9586f3dd82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

500670908c8b2eb548b380523b4b29fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 998KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 712KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ