4cc1ae2d8db68cabed9fb70e89d9002d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4cc1ae2d8db68cabed9fb70e89d9002d_JaffaCakes118
Size

161KB
MD5

4cc1ae2d8db68cabed9fb70e89d9002d
SHA1

717dfd191e3710f71d3908b0b2f6f4b143b7a126
SHA256

cab5941fc9c9d9d97e9f362587fa70b771033bd7b3d46c7b8f9b9317ca435ec5
SHA512

33a9b23de6a6186d895a1a4faec13b662f7942f29cdf1898f158e5061804fa16e17428aa3836366d3dccaca5e8e3244d50a7f563a2961eae37d77a9edecde3df
SSDEEP

3072:7+BC3K5eqGPwmjNg4uW1S2Qwp9y+gchiq3nEtz3mB8RjPgtiRjBP:1K7MwqNglW1S2Lp97Xgz3US

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cc1ae2d8db68cabed9fb70e89d9002d_JaffaCakes118

Files

4cc1ae2d8db68cabed9fb70e89d9002d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3fbad927aeb9f1ec50f749eaed9685f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

advapi32

ControlService

ntdll

NtCreateFile

kernel32

TlsAlloc
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ