2bdca044e2ac8c9d79ab043ba97d6474_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bdca044e2ac8c9d79ab043ba97d6474_JaffaCakes118
Size

197KB
MD5

2bdca044e2ac8c9d79ab043ba97d6474
SHA1

024cd677a2652bff1a9a6c0c63274882a1d783bf
SHA256

ba8396974c1f332076ad57f97f3c4ee761281a042c88bbfa9d0a96223eb27f01
SHA512

21ec42e97b5dca0ca69a40d579f3f27f75198ff804c98ded6f6e774cb7c7b1a2c4f09f62dca75a92f31e4cd108a66e3b7ecdc3e153b879406792748e5677dcc4
SSDEEP

6144:0K7cdU0f6XnbVu7na+TWm5G3XGzU74hXQ:J2D2A7amXYG6CQ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bdca044e2ac8c9d79ab043ba97d6474_JaffaCakes118

Files

2bdca044e2ac8c9d79ab043ba97d6474_JaffaCakes118
.exe windows:4 windows x86 arch:x86

465d26967af1346f094e36253f9c8f2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

advapi32

ControlService

ntdll

NtSetInformationFile

kernel32

WaitForSingleObject
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ