4be814ce4d97d948e3f44100996987f9_JaffaCakes118 | Triage

Sharing

General

Target

4be814ce4d97d948e3f44100996987f9_JaffaCakes118
Size

176KB
MD5

4be814ce4d97d948e3f44100996987f9
SHA1

ad26b7b020b6922f312646958ffab8bbb3ac9739
SHA256

0cf474c96b2982700af31021abc3dc322d430eae2d30d0533a7dedebde53fea1
SHA512

7211eaf79f26c5df3686625e7200ed7e3c5df5e0a29fe373fd0fda8b0e42b04d286fea88ecd733aa5880c92b519b2b545cb13d35f9c225a59dda1cb40cecb760
SSDEEP

3072:/1hCavQ+C8iEgfVx7f6x/OF94Mxc3VzcT5LeY18m4TcgQDQErfIrydpPy://CGIEgDs/O5kVcrd8iX24p

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4be814ce4d97d948e3f44100996987f9_JaffaCakes118

Files

4be814ce4d97d948e3f44100996987f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42bb073ab52c2a47ed678a6b842ef2ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateAcceleratorW

kernel32

TlsGetValue
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comctl32

InitCommonControlsEx

shell32

StrRStrIW

gdi32

BitBlt

oleaut32

SystemTimeToVariantTime

shlwapi

StrTrimW

Sections

.text
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE