726fb6ad8d4f2e3f0baa772716086b7d_JaffaCakes118 | Triage

Sharing

General

Target

726fb6ad8d4f2e3f0baa772716086b7d_JaffaCakes118
Size

405KB
MD5

726fb6ad8d4f2e3f0baa772716086b7d
SHA1

d7be333f1ad714bdcab8a4fd08355bd054b46299
SHA256

68309a50ec895bd2338f69540613d8001c6d6f54088377017c586f3095ceeb06
SHA512

1c6f221f27c9a0f42a28b6b6fdc42b6402924831297c77473567131cb051c6c83ca4a187a9966b4f0ca8dcab7ca38f1797bb64a2ed9ea231ae777e3838ad6821
SSDEEP

12288:iiGQKNNyxxNNNehbNeeeMo11eo3lVPAn1hL8UjB/YwX:iiGQKNNyxxNNNehbNeeeT11eDn1p8Uj9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
726fb6ad8d4f2e3f0baa772716086b7d_JaffaCakes118

Files

726fb6ad8d4f2e3f0baa772716086b7d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11cbdfb47fdc9152560598c88ea044f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

LoadCursorA
MessageBoxA

advapi32

RegEnumKeyExA

ole32

CoTaskMemRealloc

oleaut32

SysStringLen

gdi32

GetStockObject

ntdll

RtlFreeHeap

Sections

.text
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ