3df58db5b49260f870c801257bd377b0_JaffaCakes118 | Triage

Sharing

General

Target

3df58db5b49260f870c801257bd377b0_JaffaCakes118
Size

762KB
MD5

3df58db5b49260f870c801257bd377b0
SHA1

99be6e76e4e7aaf6eb7c8640e02f9edcc558dce0
SHA256

8857c2962f47a745f243cdda7ded14a11540048a93146d8d2ca81192bff5cb93
SHA512

33586902b58c4180e69df9b2d7d3eaa70ca50065cf935eb35537a6b34960cef663054ee74c54e4bcea73af2ad54e2424fecda919e87e9c6f6f165a678ba0bd2f
SSDEEP

12288:RXIq8rbrA8S0VHrlPGUmGob5cjNVJe39su8okZp4:mRvA8ljecNA7W

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3df58db5b49260f870c801257bd377b0_JaffaCakes118

Files

3df58db5b49260f870c801257bd377b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11cbdfb47fdc9152560598c88ea044f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

LoadCursorA
MessageBoxA

advapi32

RegEnumKeyExA

ole32

CoTaskMemRealloc

oleaut32

SysStringLen

gdi32

GetStockObject

ntdll

RtlFreeHeap

Sections

.text
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 718KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 593KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ