2f7d5525f17e20ecdcb3bce922c1c6ed_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f7d5525f17e20ecdcb3bce922c1c6ed_JaffaCakes118
Size

190KB
MD5

2f7d5525f17e20ecdcb3bce922c1c6ed
SHA1

7a5c6601fd62aa8282f1b3458fa5b759588be0d6
SHA256

6b492bb53ed99e04018bd9fa6ceea46f213c6a85ea1e7a897d583f886a606f68
SHA512

a8350c750c748cdbea36b77bf4bd44c28cbcd270c5f0cc39da74c8f1f9875db4d175c663b3dfd5cc2589e998f5ced8358c2a61ba4f477e7a258ba53972f0395f
SSDEEP

3072:iQqmqaPBc9HEOPzfLhQ7Q/5n3d4nmBxhmrBffRmYFve6QUMRgWdZyO:iiqa5c9kKDhf/tttBnmrBnowveRUN5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f7d5525f17e20ecdcb3bce922c1c6ed_JaffaCakes118

Files

2f7d5525f17e20ecdcb3bce922c1c6ed_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6e32974ed85533c6266ae1002e4ab7da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

VirtualProtect
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comctl32

InitCommonControls

shell32

ShellExecuteA

Sections

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 710B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 758B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ