76fe3daa63742c5d0c0cd47fdd664839_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76fe3daa63742c5d0c0cd47fdd664839_JaffaCakes118
Size

110KB
MD5

76fe3daa63742c5d0c0cd47fdd664839
SHA1

4422b69d42cc79a5076405d80ac3d48dc31593c2
SHA256

dad207a96a8c808e888af4236d741f6a3dd4dad9b7a66ef70ef3ae44ada88f4f
SHA512

387c7f3094d0c854b20a46ba4a351fccc154befcb6e9642a350751f82bddc68de79371a633a6f260eb2ee89f98ace16c21bf27259a88dc78e515ea51d0ffb343
SSDEEP

3072:MKI1poxm1CMo0c6PKKuhZNBPpKdD27GveqM7s9369p73f66:MKIWgPA7NVQDDeqUc6L73V

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76fe3daa63742c5d0c0cd47fdd664839_JaffaCakes118

Files

76fe3daa63742c5d0c0cd47fdd664839_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a7192db47eb48a66604900193c306cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

gdi32

SetTextAlign

msvcr90

_mbsnbcpy

msvcp90

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

Sections

_TEXT
Size: - Virtual size: 431B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7192db47eb48a66604900193c306cfd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcr90

msvcp90

Sections

_TEXT Size: - Virtual size: 431B

.text Size: - Virtual size: 20KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 688B

.vmp0 Size: - Virtual size: 1KB

.vmp1 Size: - Virtual size: 51KB

.vmp2 Size: 108KB - Virtual size: 107KB

.reloc Size: 512B - Virtual size: 100B

_TEXT
Size: - Virtual size: 431B

.text
Size: - Virtual size: 20KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 688B

.vmp0
Size: - Virtual size: 1KB

.vmp1
Size: - Virtual size: 51KB

.vmp2
Size: 108KB - Virtual size: 107KB

.reloc
Size: 512B - Virtual size: 100B