35c3e2bef6658b7609240499b2558f07_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

35c3e2bef6658b7609240499b2558f07_JaffaCakes118
Size

61KB
MD5

35c3e2bef6658b7609240499b2558f07
SHA1

816a97d56762f0e922dfda0f2c2564f5aa313722
SHA256

1dda6b843b0600e90363caa3f362807930de40a860e91c61afefb527c14ee33b
SHA512

23646ff5ab2178bddcb7aebfcb19f58dbe59e483533a8c44555c1620e7756e9e7a526e58b74b87976ffb21c063a364a56f2e833784ce06640caaa82ba7bdcdff
SSDEEP

1536:M4tFBRCaL5oyp6mlqi/U4mdRhj8gdedsTajZqc3e4zpQuKYUR:7tFBRCaCOXlZcFRhj8gdeWTajZqc3e4F

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35c3e2bef6658b7609240499b2558f07_JaffaCakes118

Files

35c3e2bef6658b7609240499b2558f07_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1701a083d1d871b421f7333d1f69a5d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp

kernel32

GetStartupInfoA
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

wsprintfA
MessageBoxA

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1701a083d1d871b421f7333d1f69a5d3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

Sections

.text Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 600B

.rsrc Size: 512B - Virtual size: 31KB

.reloc Size: - Virtual size: 648B

.vmp0 Size: - Virtual size: 22KB

.vmp1 Size: 59KB - Virtual size: 59KB

.reloc Size: 512B - Virtual size: 156B

.text
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 600B

.rsrc
Size: 512B - Virtual size: 31KB

.reloc
Size: - Virtual size: 648B

.vmp0
Size: - Virtual size: 22KB

.vmp1
Size: 59KB - Virtual size: 59KB

.reloc
Size: 512B - Virtual size: 156B