4b3ac56bcddaeb8ea74e289174c2971a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b3ac56bcddaeb8ea74e289174c2971a_JaffaCakes118
Size

712KB
MD5

4b3ac56bcddaeb8ea74e289174c2971a
SHA1

529dbf110acb4be6cce72ed428e0b55f57d43f88
SHA256

5c21ab8cd3c8197babc8f8cbd9398db7178a5088b65e8c9706c8b8eb4d9323bb
SHA512

e5983ce9ce78d6cbbdd07931dde50aa8ea9db74c9fa6b5e4dc0c3bc01aa39588afc46c7788569f7465cabd41c0b81b632ab0407a8624f59c870c5eb220aab1bf
SSDEEP

12288:hFKMHqvxOr77qPecX+5XePgjTQIVTvYtDFwRCrCvxtISSurT9JnP5ps1IdJUUlxx:hgMK5I77qPdX+5uPGTvYfw3JJnhicuUl

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b3ac56bcddaeb8ea74e289174c2971a_JaffaCakes118

Files

4b3ac56bcddaeb8ea74e289174c2971a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b12a7c64f931e59c6ed50ca704d33ca6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

CoUninitialize

oleaut32

SysFreeString

netapi32

NetLocalGroupAddMembers

msvcrt

??0exception@@QAE@ABQBD@Z

avicap32

capGetDriverDescriptionA

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 704KB - Virtual size: 702KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ