8e5d44ebb3c72c64d0f072afb61d0aee_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e5d44ebb3c72c64d0f072afb61d0aee_JaffaCakes118
Size

110KB
MD5

8e5d44ebb3c72c64d0f072afb61d0aee
SHA1

43fd6ca8aa456fc0d3cea068b62bb8af551b3da9
SHA256

ee3c815ab055cb7badf8ebc7b90e05b8e9df38c8caf6289c18d7370c6e6ef0db
SHA512

a239caa6b9451e5731d7f28346a0464aff26e81a9382d5d5ecb4798f164c4a3fa3b3ddafb2d72e292493905391117716759aa7ed873d6c177bfff9241c03edd6
SSDEEP

3072:DzMRgWnGO8WziGt7NHewW34qKjT8+CRMd9b8GqD:DwFGwWGf3qj+wMd9AL

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e5d44ebb3c72c64d0f072afb61d0aee_JaffaCakes118

Files

8e5d44ebb3c72c64d0f072afb61d0aee_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 282KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ