458c6f3bbc66ac9001179e24db8e2b2a_JaffaCakes118 | Triage

Sharing

General

Target

458c6f3bbc66ac9001179e24db8e2b2a_JaffaCakes118
Size

272KB
MD5

458c6f3bbc66ac9001179e24db8e2b2a
SHA1

9fa15a19dbf25548aa89a1d94dce80eb91cd2001
SHA256

8f6716a6cbb1ce6626200470ecbddf5754c0de9a274e7c4333458999408b9da2
SHA512

965b3af54bd9128a20569557b7ae86220b708933e056e43efdab92f55092d3de80347c27a67805cab073dc7de0a6990762005efc5e6157083b2f21252962a422
SSDEEP

6144:3iizK4+rR8efRfFEXkUpu+yUSQjbScbCrlQc81G8M:3RK4+rR5f5FEUUpJyCpbCGcMG8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
458c6f3bbc66ac9001179e24db8e2b2a_JaffaCakes118

Files

458c6f3bbc66ac9001179e24db8e2b2a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nsp0
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ