398f757380304de897c9abf3eab280f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

398f757380304de897c9abf3eab280f0_JaffaCakes118
Size

1.3MB
MD5

398f757380304de897c9abf3eab280f0
SHA1

ceb1a431f2f184f8ab9bd09201b9b4c4423cb098
SHA256

d451ec713eca8d1458d53e6ee54c266e75c512213c8324d67121e6660aaf025b
SHA512

092c22272d5b1584bb86efe5725965fe31cb62d49c8b03207447b409b81610eac98ba8547238a958e14cee391c2e838447c4351dd40862ded76b9990735122c6
SSDEEP

24576:QGyGOIVxzgItu4oD7gvninwbF+O4OCrzEinM/DW2u13GFUZH1rpaPayQ6n:QrjI4OiAYO45NMU13qeZQPayQM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
398f757380304de897c9abf3eab280f0_JaffaCakes118

Files

398f757380304de897c9abf3eab280f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ca80e4583ba46bbcf7c1655fe8530f71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EncodePointer
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca80e4583ba46bbcf7c1655fe8530f71

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 40KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 8KB

.vmp0 Size: - Virtual size: 124KB

.vmp1 Size: - Virtual size: 564KB

.vmp2 Size: - Virtual size: 712KB

.vmp0 Size: 12KB - Virtual size: 9KB

.vmp1 Size: - Virtual size: 556KB

.vmp2 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: - Virtual size: 40KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 8KB

.vmp0
Size: - Virtual size: 124KB

.vmp1
Size: - Virtual size: 564KB

.vmp2
Size: - Virtual size: 712KB

.vmp0
Size: 12KB - Virtual size: 9KB

.vmp1
Size: - Virtual size: 556KB

.vmp2
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 12KB - Virtual size: 9KB