48356d3e57b5d5260a0c9ec98e1d1798_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48356d3e57b5d5260a0c9ec98e1d1798_JaffaCakes118
Size

672KB
MD5

48356d3e57b5d5260a0c9ec98e1d1798
SHA1

1f84df2d7d7a1aa0ee158af98c65fceaa72ee438
SHA256

41b93928a44a54b984357b496eed47108126ac82af15253f84eb0b157697afb4
SHA512

97ac629f26f6d2ec4264f62a4c78eb04c1653c3fbf05decefd55b67e246e342cc7676fc21dc8561103c198cf02d9b176039a3397c264f2f3cab3e25712b45a5e
SSDEEP

12288:L1FR88O7/c8UYOBrxG7CAGejKL6I57nuTQvJSmA0+1XYGytx:1TaE8UYOBHAGej+5DuchJ+5yD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48356d3e57b5d5260a0c9ec98e1d1798_JaffaCakes118

Files

48356d3e57b5d5260a0c9ec98e1d1798_JaffaCakes118
.exe windows:4 windows x86 arch:x86

15fd8f776d8aa6e33b64818449731954

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
MessageBoxA

kernel32

CloseHandle
GetModuleHandleA
GetProcAddress
VirtualProtect

ntdll

ZwUnmapViewOfSection

Sections

.text
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 750B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 652KB - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ