3f53b7228e31097817779495393c2ebe_JaffaCakes118

General

Target

3f53b7228e31097817779495393c2ebe_JaffaCakes118
Size

195KB
MD5

3f53b7228e31097817779495393c2ebe
SHA1

6ebbd86e41de179214928597c53c5b39e5f9afe6
SHA256

d879f4ac5f9fbbb4b40ac6eedc8a7eb735d57891025d96a2fff9d2d52556d310
SHA512

a430a631451d1994df17ee83be301bda1a8cdebb6fcee5062b894a417246e391f2c843de8e7d971cf7707126020474ab80edb31368c28cc168ada0ec5bedecc8
SSDEEP

3072:Cia5gsxNOvurHvmtlMipc+ft5Vz0G/sCH3GpiTA+ikujgfrDTvmw28:BNlM+pft7z0G/BGwTAzk7XG8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f53b7228e31097817779495393c2ebe_JaffaCakes118

Files

3f53b7228e31097817779495393c2ebe_JaffaCakes118
.dll windows:5 windows x86 arch:x86

698e6d15c7f3c6fdcb4f7e0489df40f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetRect
MessageBoxA

msvcr90

sprintf

gdi32

SetTextAlign

advapi32

RegQueryValueExA

Sections

_TEXT
Size: - Virtual size: 431B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

698e6d15c7f3c6fdcb4f7e0489df40f5

Headers

File Characteristics

Imports

kernel32

user32

msvcr90

gdi32

advapi32

Sections

_TEXT Size: - Virtual size: 431B

.text Size: - Virtual size: 113KB

.rdata Size: - Virtual size: 63KB

.data Size: - Virtual size: 49KB

.rsrc Size: 1024B - Virtual size: 688B

.vmp0 Size: - Virtual size: 19KB

.vmp1 Size: - Virtual size: 73KB

.vmp2 Size: 192KB - Virtual size: 192KB

.reloc Size: 512B - Virtual size: 220B

_TEXT
Size: - Virtual size: 431B

.text
Size: - Virtual size: 113KB

.rdata
Size: - Virtual size: 63KB

.data
Size: - Virtual size: 49KB

.rsrc
Size: 1024B - Virtual size: 688B

.vmp0
Size: - Virtual size: 19KB

.vmp1
Size: - Virtual size: 73KB

.vmp2
Size: 192KB - Virtual size: 192KB

.reloc
Size: 512B - Virtual size: 220B