8b83eec1c4817039508d39d6e4d85acf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8b83eec1c4817039508d39d6e4d85acf_JaffaCakes118
Size

480KB
MD5

8b83eec1c4817039508d39d6e4d85acf
SHA1

c9d3abc5f3b4caf93f03bfc0e428e15be35899de
SHA256

fab905b16ac891ed35c2571d1f938ef9730395d26f491b3815c75e6aaa8a56e5
SHA512

72d783fdfa16481d303d6aa235186aa7bbf9da6f047d134d22f6c24c0a14fbc270e469937d3310a317fdeaa814cf8d57fb9861504a6436b5a6de3810b90e3370
SSDEEP

12288:yE/DZXJtpH61dwZiXycOFJbSMS8yiLZhfOhjUvDOutUViWMC2gM:5/DZTpH6zwZFJe18yu/fpy6

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b83eec1c4817039508d39d6e4d85acf_JaffaCakes118

Files

8b83eec1c4817039508d39d6e4d85acf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e6e5971c6a19d1dcb25e64a824cadecf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

msvcrt

__CxxFrameHandler

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 424KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6e5971c6a19d1dcb25e64a824cadecf

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: - Virtual size: 403KB

.rodata Size: - Virtual size: 10KB

.rdata Size: - Virtual size: 40KB

.data Size: - Virtual size: 473KB

.rsrc Size: 36KB - Virtual size: 256KB

.vmp0 Size: - Virtual size: 53KB

.vmp1 Size: 424KB - Virtual size: 420KB

.vmp0 Size: 4KB - Virtual size: 188B

.vmp1 Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 716B

.text
Size: - Virtual size: 403KB

.rodata
Size: - Virtual size: 10KB

.rdata
Size: - Virtual size: 40KB

.data
Size: - Virtual size: 473KB

.rsrc
Size: 36KB - Virtual size: 256KB

.vmp0
Size: - Virtual size: 53KB

.vmp1
Size: 424KB - Virtual size: 420KB

.vmp0
Size: 4KB - Virtual size: 188B

.vmp1
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 716B