6ebd3ead7ff70ff9badedb980b66728a_JaffaCakes118 | Triage

Sharing

General

Target

6ebd3ead7ff70ff9badedb980b66728a_JaffaCakes118
Size

3.4MB
MD5

6ebd3ead7ff70ff9badedb980b66728a
SHA1

151afd9f5352fd31fdee9af8b1cfa00afd36dd49
SHA256

02de6c38c553ade4460d627cdcd4db065ee9a59bc0a19d0b6f0b04ecdf38be80
SHA512

df4b54808fd4deb144ea1c6eb058d531013d2b2aebbe69b9c72246192874b02924a9d9fd84f4f2d27207021c5075d8949ab3e69926224fac2dc96f271536db85
SSDEEP

49152:/e1ZAtJAL8bFZlq6MNa0fpfZJRU+U18Kh0sLRUZQlJ9xLOs3lHqZbo5nzfn8Lknb:/Cz8bztMNTU+sj0WRUYv3xqJk71eg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ebd3ead7ff70ff9badedb980b66728a_JaffaCakes118

Files

6ebd3ead7ff70ff9badedb980b66728a_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

3ac8c157d72a609c4bab6e6617a9650a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

DispatchMessageA
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

DllRegisterServer

Sections

.text
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ