828f432959d61642401fd8d4f1283f41_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

828f432959d61642401fd8d4f1283f41_JaffaCakes118
Size

212KB
MD5

828f432959d61642401fd8d4f1283f41
SHA1

53e474cc9991ec5d448f1c3e5a243d959d085d15
SHA256

55a315f98367d8bd503175238fabbaf4a5c0cdfebd2ce4bae7300448d210c147
SHA512

84be9dd61ab20162a676b9e8c53afdb3508a9baaa172c81abf37426384e3a3f57df1d71fff51323e25d307b4652f3a7f2d70012e468642b549803583c029e222
SSDEEP

3072:R1E0mIqPbEM44kmxp6MQ5lrJ3o9dD0LtBl3wNN/rwULV/VbXq+F1NauZBB:k7dRkmx6n34al05VbFXbB

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
828f432959d61642401fd8d4f1283f41_JaffaCakes118

Files

828f432959d61642401fd8d4f1283f41_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9f290becd2ed3a57dc957e88fe569926

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeInformationW
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ