7870e524d3ea3043405cb97ea9833b7a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7870e524d3ea3043405cb97ea9833b7a_JaffaCakes118
Size

2.1MB
MD5

7870e524d3ea3043405cb97ea9833b7a
SHA1

f6d13d373773efb9b49c7d7dbfd5cbe2a1d3097f
SHA256

446ec9bdd3f339bd1a6317390f9b8164a5b672f9644a4b34afab5a5cf26d9125
SHA512

4827cab38c318ba4c2488e2a0445b8e956c63ab6da6ec7efcbf3511346f639ad6b567afde43e599257f4ccbdc028871666fa994583e4d7973d09270c4571d5f7
SSDEEP

49152:URvspQgQtxQPhityRZ2RT67KAzu1ZZNc6g6EIYummZqKN:ikpDPEq2RXgcZXg6LZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7870e524d3ea3043405cb97ea9833b7a_JaffaCakes118

Files

7870e524d3ea3043405cb97ea9833b7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1d5be5e2fa664024d1601ae91232e322

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaUI1Var

kernel32

GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ