882b80ee96a2ff0e4dd56dbe071889f8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

882b80ee96a2ff0e4dd56dbe071889f8_JaffaCakes118
Size

1.2MB
MD5

882b80ee96a2ff0e4dd56dbe071889f8
SHA1

001ce52a4e28991066689aa76da9ad8803044b99
SHA256

1aa5ab28c620e7be3d91ee61c20dc914288fe379ed57bb131eea4242d2ca63ce
SHA512

001310afc4f9ee3cbd72be665c17ee90670d50a4790123ff4915e90a59b4765fdfc28a6bddd3a952a8a59019d0681be4f3b9b9fadbdc225a762ee588ebd7516f
SSDEEP

24576:xCohnR7ET4YXmK1AqLxnkL/5ayXrWC2KjO:IQRO0UxOEi6CC

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
882b80ee96a2ff0e4dd56dbe071889f8_JaffaCakes118

Files

882b80ee96a2ff0e4dd56dbe071889f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 112B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE