3602672182ff86d1d9b121b5c3c2666d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3602672182ff86d1d9b121b5c3c2666d_JaffaCakes118
Size

148KB
MD5

3602672182ff86d1d9b121b5c3c2666d
SHA1

8ef6f50891464cce9de1a5bc74da9d9a14e84ecb
SHA256

b63dedc3ca4d37d0d8465405a6bf1731166df9fbc6e2bd438635c7f0a594ff74
SHA512

c4c35c97d18b6cef73747d6a9b9f4afef03d8887ce02b0c2d0c7143ec6a79f6f08f7797346d9628289a0fbc93fe0d0cd1188987f49dd6f59b59c5b98b75a6a69
SSDEEP

3072:KvSFtS39y1kO94m/jxGnYtP4CnwnNNfcyAzAnG1aHhmsEcVT07S:J6NyOc4m/jxOYtwCwn7SzmPBJE8T07

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3602672182ff86d1d9b121b5c3c2666d_JaffaCakes118

Files

3602672182ff86d1d9b121b5c3c2666d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9b0a46d7caf7b24659c0d540a76b4b6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

socket

kernel32

GetSystemInfo
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

GetDC

gdi32

GetDeviceCaps

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Sections

.text
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ