38c19fd9fb1e53bbbf5b9fb5b5d9eb69_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38c19fd9fb1e53bbbf5b9fb5b5d9eb69_JaffaCakes118
Size

1.6MB
MD5

38c19fd9fb1e53bbbf5b9fb5b5d9eb69
SHA1

7a0c1e13bb84054187f4d433093c25f1c5e0cd35
SHA256

8c2ac2412f14e030af1d1cfdce8a3d2c65fd5ca3ead62808d2180318c3bfca5f
SHA512

79481b1176b3acad59d41e624467768110523951b1ed793c1e47dcbb0dd70e8d064e2a2b3c03cfa333fa981abd341861eb6f62ba736671b0b2e3672ba06ce145
SSDEEP

49152:f/aeBbIa3YoRF7gZUFHB/q+a1hJtfxeEN2kGih7eOVfSXY:f1bIa3YoPTtatbb25YCXY

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38c19fd9fb1e53bbbf5b9fb5b5d9eb69_JaffaCakes118

Files

38c19fd9fb1e53bbbf5b9fb5b5d9eb69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

345efba8832cf46b569550e1cac1811e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord537

kernel32

CompareStringW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ