84384fdebab1799d718abb51cf4aa63b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84384fdebab1799d718abb51cf4aa63b_JaffaCakes118
Size

531KB
MD5

84384fdebab1799d718abb51cf4aa63b
SHA1

7b7b8c44ba8d554eab751dc2efd4366b7b2744f5
SHA256

37e306ef267276e81d5a08b16c27c323e3b00c3c9dcd40fc4d5b8bf349d67f3b
SHA512

08838ed5cd3548374f20a78b8604103ba76e4e3864a8fad40e32dfadbd272b0dc460923fab7433a41b287ee462a09ffa57aebb4495a222cbe4007dae7092929d
SSDEEP

12288:EQSIwHRlrfnLGvGNEfyJkVyRuLpSXchD4FhjCSwMmHVoTW:QPrfLGi7Ru1SXchqhW1MmHVoTW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84384fdebab1799d718abb51cf4aa63b_JaffaCakes118

Files

84384fdebab1799d718abb51cf4aa63b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 560KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ