4848d974f43834464999457bf79441be_JaffaCakes118

General

Target

4848d974f43834464999457bf79441be_JaffaCakes118
Size

72KB
MD5

4848d974f43834464999457bf79441be
SHA1

23c6382d03d2c325b2c07e2079ced1354a4df674
SHA256

16b8a5f769825180167b3020cbb4440b8334c3d063035d55b8aa32b7162dedaf
SHA512

05fe9e4b11e3eb80e181af64bc285ebd7d60234631ded67f0b8bee1759dd19265503775545cf2d844d05f8114c573c3ca2267f81b2263997cf139fc2781e10f5
SSDEEP

1536:6QDIO81Q0E7UJAEvlYuDmjRYPxxrVBj2Ou9f64J2LcMPMVCKBUxFBgp:6yIxE7UJAu9DOoL7m5F2LdkVDBhp

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4848d974f43834464999457bf79441be_JaffaCakes118

Files

4848d974f43834464999457bf79441be_JaffaCakes118
.dll windows:4 windows x86 arch:x86

65ed6e4278ba86ab8967a6c1593a4d48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

wsprintfA

Exports

Exports

SetStar

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 738B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ecode
Size: - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65ed6e4278ba86ab8967a6c1593a4d48

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 5KB

.rdata Size: - Virtual size: 600B

.data Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 738B

.ecode Size: - Virtual size: 147KB

.edata Size: - Virtual size: 64B

.vmp1 Size: - Virtual size: 12KB

.vmp2 Size: 71KB - Virtual size: 70KB

.reloc Size: 512B - Virtual size: 112B

.text
Size: - Virtual size: 5KB

.rdata
Size: - Virtual size: 600B

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 738B

.ecode
Size: - Virtual size: 147KB

.edata
Size: - Virtual size: 64B

.vmp1
Size: - Virtual size: 12KB

.vmp2
Size: 71KB - Virtual size: 70KB

.reloc
Size: 512B - Virtual size: 112B