3fdc64bf1c5c056657c0f4cb9862d489_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3fdc64bf1c5c056657c0f4cb9862d489_JaffaCakes118
Size

632KB
MD5

3fdc64bf1c5c056657c0f4cb9862d489
SHA1

6eff63c50d6537531f18d6a1807495ee4617f4c8
SHA256

02c779d3ec1cf70d5607bdccb010ca17dd64d45e37c150141912c1c74fab1da0
SHA512

cb8592fe1c47cf42cf38d6759a42d9be1829c79f504ef65241dd73356920810becd26e7a304f6f5edea7daf608659deaa65e00e05326f201f10ac5ac13c08409
SSDEEP

12288:OknxoomeHQAhoHIBBInCJhx65om1rvpeQcqpf:RPPMO3hx65om1cYp

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fdc64bf1c5c056657c0f4cb9862d489_JaffaCakes118

Files

3fdc64bf1c5c056657c0f4cb9862d489_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09f42b699eed420ccc07fb681ef0877b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Thread32First
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

advapi32

RegCloseKey

wininet

InternetCloseHandle

Sections

.text
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 620KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ