45d6be7438e2f78f11518e01cff25f42_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45d6be7438e2f78f11518e01cff25f42_JaffaCakes118
Size

500KB
MD5

45d6be7438e2f78f11518e01cff25f42
SHA1

8ec8083a0668b107edc4732c6926ba31e91e3dd0
SHA256

904c2fa107cb2786d919e956853e774e9e8e924b19a82117fc5c450e3a8783d2
SHA512

94ced6cd8e7b7a56cab254264c992f49297df630c361d970996cc79ae15c62a7cf9330d3db3d1956e2bff2fb5da5f6b52ce7dcb59f0a931e64b22dbcd0758565
SSDEEP

6144:y7eNM4ma9Smcd4HD2uD1VV5bgdV1PLBYPsYK9/YZ9Q//htueMjrHibi3Ls6YeMrm:Q+Z7ZD2ufg9Tusbc9Q//v36fSMo4HVTP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45d6be7438e2f78f11518e01cff25f42_JaffaCakes118

Files

45d6be7438e2f78f11518e01cff25f42_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ