2b804dabaf91a83f2799eb98310fb008_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b804dabaf91a83f2799eb98310fb008_JaffaCakes118
Size

38KB
MD5

2b804dabaf91a83f2799eb98310fb008
SHA1

b5954f7fe8f998232f56447be4c12202333bf08a
SHA256

c6e8d5f365cb6a933d5b8846d902012d6cd55830783fd08577561bc6158df3db
SHA512

860b181c5f6a31a594ac8d44799fa0399e0ca515cb78189223bcef8a87d0f8759f0ee75954288b315021dcc7ef2ef838387388125eaf71f487d5a24968079a14
SSDEEP

768:Kc3MC7BYLVRazAD1zUyY/l1HLV0thi7+m349QJUk8+LW4wdMqejandGZq:Kc3M8a6zI1oF/Hwy+UTJUk8+hZWO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b804dabaf91a83f2799eb98310fb008_JaffaCakes118

Files

2b804dabaf91a83f2799eb98310fb008_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a6de826f347e3b32d497aa458eb26b85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
Beep
CreateThread
DisableThreadLibraryCalls
ExitProcess
FindAtomA
GetAtomNameA
GetModuleFileNameA
GetModuleHandleA
GetVolumeInformationA
Sleep
VirtualProtect
VirtualProtect
GetModuleFileNameA
ExitProcess

msvcrt

__dllonexit
_errno
_iob
abort
fflush
fprintf
free
malloc
memmove

user32

FindWindowA
GetAsyncKeyState
ShowWindow
MessageBoxA

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 896B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 264B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6de826f347e3b32d497aa458eb26b85

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rdata Size: - Virtual size: 288B

.bss Size: - Virtual size: 896B

.idata Size: - Virtual size: 812B

.vmp0 Size: - Virtual size: 264B

.vmp1 Size: - Virtual size: 15KB

.vmp2 Size: 37KB - Virtual size: 36KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rdata
Size: - Virtual size: 288B

.bss
Size: - Virtual size: 896B

.idata
Size: - Virtual size: 812B

.vmp0
Size: - Virtual size: 264B

.vmp1
Size: - Virtual size: 15KB

.vmp2
Size: 37KB - Virtual size: 36KB

.reloc
Size: 512B - Virtual size: 64B