373fe0ae2f2fd74f04dddd056838872b_JaffaCakes118

General

Target

373fe0ae2f2fd74f04dddd056838872b_JaffaCakes118
Size

186KB
MD5

373fe0ae2f2fd74f04dddd056838872b
SHA1

a6e7e5234b45a88425992149924e88f18fd023bb
SHA256

d4a97bfdb01ba875f53b828cf22c3151b0711888620935fe9bc15b5783d917b1
SHA512

9e8fba008ee152428f419dffb58ae5817dbc2531f8f998ff38a5eac2fceb915eeeab5c7446f4752b2b6455287ca9070270a0852a16b1eedfb340ad815e16a1ed
SSDEEP

3072:fiEtro3W/QbNVFDmmhul0AZpDNhIoHbELbMMPJLgOM1ddhGmcF/Kt0b:dt0rVdmmhueAnAoQZPJLgvdLmFCt0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
373fe0ae2f2fd74f04dddd056838872b_JaffaCakes118

Files

373fe0ae2f2fd74f04dddd056838872b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

38b7715c57f4c78d1bd3c62e1d094eac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetRect
MessageBoxA

msvcr90

malloc

gdi32

GetFontLanguageInfo

advapi32

RegOpenKeyA

Sections

_TEXT
Size: - Virtual size: 431B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38b7715c57f4c78d1bd3c62e1d094eac

Headers

File Characteristics

Imports

kernel32

user32

msvcr90

gdi32

advapi32

Sections

_TEXT Size: - Virtual size: 431B

.text Size: - Virtual size: 113KB

.rdata Size: - Virtual size: 63KB

.data Size: - Virtual size: 49KB

.rsrc Size: 1024B - Virtual size: 688B

.vmp0 Size: - Virtual size: 19KB

.vmp1 Size: - Virtual size: 68KB

.vmp2 Size: 183KB - Virtual size: 183KB

.reloc Size: 512B - Virtual size: 120B

_TEXT
Size: - Virtual size: 431B

.text
Size: - Virtual size: 113KB

.rdata
Size: - Virtual size: 63KB

.data
Size: - Virtual size: 49KB

.rsrc
Size: 1024B - Virtual size: 688B

.vmp0
Size: - Virtual size: 19KB

.vmp1
Size: - Virtual size: 68KB

.vmp2
Size: 183KB - Virtual size: 183KB

.reloc
Size: 512B - Virtual size: 120B