6102992de786d744afc0e01dfcde8b80_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6102992de786d744afc0e01dfcde8b80_JaffaCakes118
Size

124KB
MD5

6102992de786d744afc0e01dfcde8b80
SHA1

94637f1568e775caf2f0cdd20021dcaf1e6128bd
SHA256

faabe1d160eda2667d0d875a8c1c8cda3af3370c165e7121bbfe361103df936a
SHA512

0001c153a6a9165a3902b89e9af8b630ec3e39b1e53f63ebcb74a54732abc46e3b38a3fe31de43e25f7ccba0198dbf14e1ce1a3423e362a71cbe96d9bca43cbd
SSDEEP

3072:EdMODZZBSVkcOSQRDPruGnipSsevRiCerUHWWwrOb5Pz:4MODZ7S4DDDcEseqIHWWeObhz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6102992de786d744afc0e01dfcde8b80_JaffaCakes118

Files

6102992de786d744afc0e01dfcde8b80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b51800e1ce4bfb316d9cba12e3748892

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4465

msvcrt

_except_handler3

kernel32

LoadResource
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

EnableWindow
MessageBoxA

advapi32

GetNamedSecurityInfoA

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ