82aa8834df5b0d240bbc380c6d8398c8_JaffaCakes118 | Triage

Sharing

General

Target

82aa8834df5b0d240bbc380c6d8398c8_JaffaCakes118
Size

315KB
MD5

82aa8834df5b0d240bbc380c6d8398c8
SHA1

018dadc8cf0490e3d0b5eed7c5266ac7b035a6a4
SHA256

3b1c04b67d6180837fccac72ba889cc5d359ac96169e1f4fe5fe495bb653cbc0
SHA512

50a407766868d286c03c3c345747d64902aa5815723c172d7e8864d34dcc1b3d6ea2cb341446c1f51d0467e37b2c6387cd636bc59a3d11f5254267963802fef2
SSDEEP

6144:E+PEZtduH5vQqhi8xxGpR5ClxIDa7PZhVhs/DcNW/sy0jusHn0vw:E+PEZzuH5vLf/G/5CgcVu/ANW/sBjus3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82aa8834df5b0d240bbc380c6d8398c8_JaffaCakes118

Files

82aa8834df5b0d240bbc380c6d8398c8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ