8bd52370e7298beece38890dd0ee9ef5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8bd52370e7298beece38890dd0ee9ef5_JaffaCakes118
Size

174KB
MD5

8bd52370e7298beece38890dd0ee9ef5
SHA1

0eb47d766c6e344ad31681c66e849999df5b3e30
SHA256

2609a6769efbb97acf820a56b8b0e5992760661fcac2a2abef568ddde707641a
SHA512

9a66551d95810436799ed708b17cecd4cca0bc436a44d9286f870372ab9a47673a6a0057847e26361befe45f8f26112b367800b66b63717f9fa53ed41e84f9fc
SSDEEP

3072:K+BC3K5eqKhUy53C11Kv+XvLWFcwjr+7m9M6LI7iAat0a6RNbAz6dqP5VuqoMHaQ:SK7KmwyI2XvCH+756LIbat0aUNUz+qu5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bd52370e7298beece38890dd0ee9ef5_JaffaCakes118

Files

8bd52370e7298beece38890dd0ee9ef5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9507bfc20af9a6050204e6504d019801

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ControlService

ntdll

NtSetInformationFile

kernel32

GetTempPathW
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ