72ac4f9aa001e7a402c6c7ea03741156_JaffaCakes118 | Triage

Sharing

General

Target

72ac4f9aa001e7a402c6c7ea03741156_JaffaCakes118
Size

65KB
MD5

72ac4f9aa001e7a402c6c7ea03741156
SHA1

b5d171707d47bdc044781f6ddd53ee4c71958f0d
SHA256

24aed9e8dcdd92942fcc33469e5ad1956384ce51822e5b03eaf2ca914f9714dd
SHA512

cb5bebb42680c761d04ead821789d84625e86b3a6d20bdefafa3c9242abdf4570b50976e57b4e033f5244db38fe9cd8cde45f56a90d6a834342a0cc07f3241ca
SSDEEP

1536:6RNDytG/AV1DhDNnmsC/I/bMC8MnAW1dpcbWAXFULez5a:6RVytsAnLnmsf/b7Rn1UNXFUCz5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72ac4f9aa001e7a402c6c7ea03741156_JaffaCakes118

Files

72ac4f9aa001e7a402c6c7ea03741156_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ffae0b78389142c643d33f2d2e20ea8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

wsprintfA
MessageBoxA

advapi32

RegSetValueExA

ws2_32

send

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ