843739d9323769845293616e70d9920d_JaffaCakes118

General

Target

843739d9323769845293616e70d9920d_JaffaCakes118
Size

6.1MB
MD5

843739d9323769845293616e70d9920d
SHA1

251c09866fee2bef86c5c000bd91a4bc708925d4
SHA256

14b144c57c1e66ae9240eab45fffb7a23f8b32bdfd69962c20803e2212d1a13f
SHA512

2d2516d7893d88a704e881cab6c2c51399a21d9aa24ba54bd6e3dfadf1124b85918606175018a2241c0904cc83427ae47138485c5b87ef434d27f9694a6797b7
SSDEEP

98304:0fdS9kcAC/ha9rxglQLDU2MuqBjmpws0LbWcuupdX1bSxKMmF9moM2o26D2K5P+b:swpa9rilQf/wmpiLVdXvMQ7MIy2aKJd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
843739d9323769845293616e70d9920d_JaffaCakes118

Files

843739d9323769845293616e70d9920d_JaffaCakes118
.dll windows:6 windows x86 arch:x86

2c2f000d7a7e7cd1fa6a5a4e4d439369

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

user32

LoadCursorA
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

kernel32

GetVersionExW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

imm32

ImmReleaseContext

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1007KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 891KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c2f000d7a7e7cd1fa6a5a4e4d439369

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

user32

kernel32

imm32

wtsapi32

Sections

.text Size: - Virtual size: 1007KB

.rdata Size: - Virtual size: 169KB

.data Size: - Virtual size: 891KB

_RDATA Size: - Virtual size: 18KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 1007KB

.rdata
Size: - Virtual size: 169KB

.data
Size: - Virtual size: 891KB

_RDATA
Size: - Virtual size: 18KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 2KB - Virtual size: 1KB