5fa44bf0bf2f57061b9087649a01bfd2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5fa44bf0bf2f57061b9087649a01bfd2_JaffaCakes118
Size

418KB
MD5

5fa44bf0bf2f57061b9087649a01bfd2
SHA1

e20a9ddd7bb9be532c3b77123b2af5efd393b875
SHA256

15f5cb61afe6408cf7b716f857982b9cc984c2766709d71efce944c2c21ccf1f
SHA512

b13375352c55d6f6afcebadf6dcd43c4b0892e300436ee76d0b3480d4c014966c03ec736fcb66d78d15e5818417cce09f18e05eb1faa1dea49a887b009dda919
SSDEEP

6144:h/n3dYapfvEuj9Nk4IEDWoB6KDRcDu3PlzxqvTB640:hv6apnZhOno/B6Klck9xqbB64

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fa44bf0bf2f57061b9087649a01bfd2_JaffaCakes118

Files

5fa44bf0bf2f57061b9087649a01bfd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11cbdfb47fdc9152560598c88ea044f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

LoadCursorA
MessageBoxA

advapi32

RegEnumKeyExA

ole32

CoTaskMemRealloc

oleaut32

SysStringLen

gdi32

GetStockObject

ntdll

RtlFreeHeap

Sections

.text
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ