27f8a744e1d6e095aaa6808a05179366_JaffaCakes118 | Triage

Sharing

General

Target

27f8a744e1d6e095aaa6808a05179366_JaffaCakes118
Size

627KB
MD5

27f8a744e1d6e095aaa6808a05179366
SHA1

05ff3921435e2fce8b50317586bc2f779d07c9b4
SHA256

cba1e6889ec2b999a104d1d7c4586cef87af1e02b6b4e7535714a2d49988ede1
SHA512

a8b236d7ae45f4e1dcef1b88203ca572dfe80004c34e0a85987410b14df21100eab7e2352435b16cd1958015af6c484a61991a239c4130c7c841afcad3c3a836
SSDEEP

6144:WTMFhYuWZYtyjLxHXVoJj1V/yVJjE5bAlC6joq:SMF3/e13YjzqjjEFAlC3q

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27f8a744e1d6e095aaa6808a05179366_JaffaCakes118

Files

27f8a744e1d6e095aaa6808a05179366_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 626KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ