758ee8180c1cfa37deefdbcbdb4377d4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

758ee8180c1cfa37deefdbcbdb4377d4_JaffaCakes118
Size

760KB
MD5

758ee8180c1cfa37deefdbcbdb4377d4
SHA1

00b577c9d5848cee6816f4f850b5254645a6252f
SHA256

ff30309db18d4fcfc558e211b8f3dc08b6f731976daff9dbe9bb34a48ec055db
SHA512

79b27e647d928a748ebb195b3ff18b08679d06e7cf277a1e54cf2a8095fbacbad754dd1a140b343bdd833fc30c6573ff42c9d4e239680d95dda4b239604b5438
SSDEEP

12288:KqF8oAHsz5Wk9oFlDuhBSci60VmulcSJCzh2rIH3eZkqklDvfne/c9yo+aqZOT9s:Kc0I5WIorYBScibYIvCzh2rIuZk3ne//

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
758ee8180c1cfa37deefdbcbdb4377d4_JaffaCakes118

Files

758ee8180c1cfa37deefdbcbdb4377d4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

63532e2c61b78925e679ee79fc2608e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RedrawWindow
MessageBoxA

gdi32

GetTextExtentPoint32W

advapi32

RegSetValueExW

ole32

CoCreateInstance

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

ws2_32

inet_addr

gdiplus

GdipCreateFromHDC

version

VerQueryValueW

Sections

.text
Size: - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63532e2c61b78925e679ee79fc2608e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

ws2_32

gdiplus

version

Sections

.text Size: - Virtual size: 170KB

.rdata Size: - Virtual size: 31KB

.data Size: - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 11KB

.vmp0 Size: - Virtual size: 13KB

.vmp1 Size: - Virtual size: 572KB

.vmp2 Size: 754KB - Virtual size: 754KB

.reloc Size: 512B - Virtual size: 200B

.text
Size: - Virtual size: 170KB

.rdata
Size: - Virtual size: 31KB

.data
Size: - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 11KB

.vmp0
Size: - Virtual size: 13KB

.vmp1
Size: - Virtual size: 572KB

.vmp2
Size: 754KB - Virtual size: 754KB

.reloc
Size: 512B - Virtual size: 200B