37d160fefa7a175389a47e87ea9360d5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37d160fefa7a175389a47e87ea9360d5_JaffaCakes118
Size

4.2MB
MD5

37d160fefa7a175389a47e87ea9360d5
SHA1

aab6681602c7e9b60485c6a577785ef034d930fa
SHA256

df7bfa797854cc3aff87abf95137c7f48c5f5a2df7bdfd3a15034f75e3497bc7
SHA512

fcba0970c1a87bed0b5ce5489b9184980f4e353a749414b0e9e0c4a6417a43605fffac506ee96771d82bdb752bbebca6b3b42ba7ad88eb6877cdfffbd8e99dcf
SSDEEP

98304:iYHQfbP2Ny7hmyww1CbPFGShQwIAxEptg6u641cop76qf7:i1P70cAPFzhQwIAGt1ejp76

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37d160fefa7a175389a47e87ea9360d5_JaffaCakes118

Files

37d160fefa7a175389a47e87ea9360d5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9f35e965f6effd939584bb73fc92ab6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSSendMessageW

kernel32

VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ