3d0c45f87cc9b77dd76bde57a93af36c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d0c45f87cc9b77dd76bde57a93af36c_JaffaCakes118
Size

80KB
MD5

3d0c45f87cc9b77dd76bde57a93af36c
SHA1

626ab2376ca4dd6abb6bf1a19a65f28a5bc1aa38
SHA256

2b2c63ca7f875d6edc889c0da4372b228d252b4e38521e8a17f25f1d082024ed
SHA512

0d425b16535dbccdf6b4d6d5f38d253e44149927201f1f029b78558a7000185ec078914d36b47407a03bc6b96e3f7f6718eba6da34fe1281eb9af72a1afc79cf
SSDEEP

1536:lY0s66HZaOxcSP+n/ZznToIfDTRUrp2TNTeixp0zA+V/R8j28PvL:O0s66N+n/ZDTBfDTRUrp2TNTei70ZY2y

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d0c45f87cc9b77dd76bde57a93af36c_JaffaCakes118

Files

3d0c45f87cc9b77dd76bde57a93af36c_JaffaCakes118
.dll windows:0 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Install
RundllInstall
RundllUninstall
ServiceMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ