651f9a129be3f0223e2f94aacd79f0c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

651f9a129be3f0223e2f94aacd79f0c9_JaffaCakes118
Size

52KB
MD5

651f9a129be3f0223e2f94aacd79f0c9
SHA1

1b4b766240526d8a67958855ec392a1938c84814
SHA256

e28ff8a6e897aa8bf2ac8793d84ace695c915250db9280a464a6438765930e43
SHA512

d8169259c66a7e0b16c817d0ee7a7d4f4bedb0e3602ea9bc1d20d34db035f73b39ed91deed889fc50be7cba96f7a311e5462a511153b576c89eb482d0c47eedc
SSDEEP

768:FuFzNNJOLG0Ffinu52R1PXTzhKh4uyhZKxE8dZxBtM:FiJsE/TFEAZiG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
651f9a129be3f0223e2f94aacd79f0c9_JaffaCakes118

Files

651f9a129be3f0223e2f94aacd79f0c9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5b8985bd5100f9182528f9a6dae7f6e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CallNextHookEx
SetWindowsHookExA

msvcrt

_adjust_fdiv
malloc
_initterm
free
strchr
strstr
strcat
strncpy
__CxxFrameHandler
strlen
memset
strcpy
_strlwr

kernel32

WriteProcessMemory
ReadFile
Sleep
TerminateProcess
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetProcessHeap
HeapAlloc
GetModuleHandleA
ReadProcessMemory
GetTempPathA
CreateFileA
CreateThread
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
OutputDebugStringA
CloseHandle

Exports

Exports

fun

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 846B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ