430402d1755be3fa28d88e539b448b09_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

430402d1755be3fa28d88e539b448b09_JaffaCakes118
Size

160KB
MD5

430402d1755be3fa28d88e539b448b09
SHA1

9c2e5edddd6201ccda1457484ad38ff38da08f5f
SHA256

960bb30d29d239f34545e7e4d1229d5bc2bac6ea15226f934ceab7b0cb52378f
SHA512

54c365f558f4d58704b27be8954e780db2f9bcdccc8a32274c104d78b76c2a31c84f01869b7286bde01e0ce6004721a7cc2b92fbf21b8afab2836ee3bc0e949e
SSDEEP

3072:GbCpsQEAw4yBIsnRrH6CbVuYiu/fE5PfUkcTWdBygIEf0Zm:7psQvny5nROCMYiuqfUyDy6f5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
430402d1755be3fa28d88e539b448b09_JaffaCakes118

Files

430402d1755be3fa28d88e539b448b09_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53fb4b92fcb80e1eb1fa93ee48ea5653

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord595
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord645
ord100

kernel32

VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ