286b7b52a63de2059d5cd6729ac73220_JaffaCakes118

General

Target

286b7b52a63de2059d5cd6729ac73220_JaffaCakes118
Size

2.6MB
MD5

286b7b52a63de2059d5cd6729ac73220
SHA1

682286f4f830873e248d20b07e57f644891f1246
SHA256

2d563d3b8a4fdba1f6e8eb67b3c4b389828d94cb34fe8c08bf330e38ba4acfe9
SHA512

12eeb3595b3a42e955da065140eb554a9d4b39cde3b92cd55bebe0bbb304f89cec075dec6f9137f92102902983fd877cd0726a7649c9ab64d6d001b405474b04
SSDEEP

49152:yAMgI0I1iCr2nzfhrYYLnBOPAqv4JRdnxXuIQmxdDCPpXw3UlTbRvb9:mMCr2zfhrYWnYAHbdnJvDkj9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/网易云音乐刷听歌.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/网易云音乐刷听歌.exe

Files

286b7b52a63de2059d5cd6729ac73220_JaffaCakes118
.zip
我的脚本2_201611281729.Q
网易云音乐刷听歌.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 744KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.newimp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma1
Size: 268KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 744KB - Virtual size: 744KB

.rdata Size: 440KB - Virtual size: 440KB

.data Size: 48KB - Virtual size: 324KB

.vmp0 Size: 1.4MB - Virtual size: 1.4MB

.vmp1 Size: 148KB - Virtual size: 148KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.newimp Size: 4KB - Virtual size: 4KB

.enigma1 Size: 268KB - Virtual size: 4KB

.enigma2 Size: 244KB - Virtual size: 244KB

.text
Size: 744KB - Virtual size: 744KB

.rdata
Size: 440KB - Virtual size: 440KB

.data
Size: 48KB - Virtual size: 324KB

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

.vmp1
Size: 148KB - Virtual size: 148KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.newimp
Size: 4KB - Virtual size: 4KB

.enigma1
Size: 268KB - Virtual size: 4KB

.enigma2
Size: 244KB - Virtual size: 244KB