4427bac4d50c85314ed11e7ad7803691_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4427bac4d50c85314ed11e7ad7803691_JaffaCakes118
Size

45KB
MD5

4427bac4d50c85314ed11e7ad7803691
SHA1

ec7b03aea69a2afe2ffa51b886cb490ffa148950
SHA256

d08a7a3f38eeec7c13574b1785af4b8b05afc184fed3c5458a38ddae60f08ac4
SHA512

284d5cc301c61abaf8ffee398156d4ae290ac2daef3c52d3a8fa81be7309954e3e66d803dce7b28159ec11044cb8e78c4f908a3b91198f1cbc952c740f290bd9
SSDEEP

768:E6tVJ37uTfUq1MV6p/Dkt6zmloDYj1dJtWpojpTZ8FBbk0tbTqvPYbWJRu4vhe+W:EkjAkloDYZvtEypYa6EVnu8hF3/Sx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4427bac4d50c85314ed11e7ad7803691_JaffaCakes118

Files

4427bac4d50c85314ed11e7ad7803691_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0b99676a78106184492b7cfdd018741e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

msvcrt

__dllonexit

user32

GetAsyncKeyState
MessageBoxA

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 224B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp3
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b99676a78106184492b7cfdd018741e

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rdata Size: - Virtual size: 592B

.bss Size: - Virtual size: 176B

.idata Size: - Virtual size: 712B

.vmp1 Size: 1024B - Virtual size: 716B

.vmp0 Size: - Virtual size: 224B

.vmp2 Size: - Virtual size: 12KB

.vmp3 Size: 42KB - Virtual size: 41KB

.rsrc Size: 1024B - Virtual size: 716B

.text
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rdata
Size: - Virtual size: 592B

.bss
Size: - Virtual size: 176B

.idata
Size: - Virtual size: 712B

.vmp1
Size: 1024B - Virtual size: 716B

.vmp0
Size: - Virtual size: 224B

.vmp2
Size: - Virtual size: 12KB

.vmp3
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 1024B - Virtual size: 716B