70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118 | Triage

Sharing

General

Target

70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118
Size

132KB
MD5

70afca58aeb927d7d1ed62c7e19234f3
SHA1

397c19c3125e38ab4b4cba37207d81585b465a7d
SHA256

1c83dd6b2245413a5dc4cae0ea41586eb93d454208466afb8a0e115055b91feb
SHA512

b414a2f94b4a6690252490b63b12708343bc5556e4c3d2a46cb22929225d6bfc817c317ff0c2d1a59bbff8f201b6bfa3b667b6bfdacce807576df762a089a808
SSDEEP

3072:8+BC3K5eq0kDC2z6QVCm/8zBsLE+++GE3VvC8t:sK70kZzTIm/8ON+W3Vqc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118

Files

70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9507bfc20af9a6050204e6504d019801

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ControlService

ntdll

NtSetInformationFile

kernel32

GetTempPathW
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ