9410b06e2fe352f550c0b3e89cd5d8de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9410b06e2fe352f550c0b3e89cd5d8de_JaffaCakes118
Size

76KB
MD5

9410b06e2fe352f550c0b3e89cd5d8de
SHA1

406c4f669d17488c673b8aee61b552df3b145d43
SHA256

d9ecd09770b4a9cf9eca0a4044df20c05b0b341b72c609e5bc45dff6dab20a2a
SHA512

67e6df268eef596211db3da56f07d4b738c77626dbba71bf23ed891f9b98cc3bf50550b154a0bf8a999e2a5165ae98c1daae8c7a321696970a68cd905822d83e
SSDEEP

1536:APXg3/RrrE7sZBUM9Bx0fvZPXyGmVx4yYUiP28Jg2LY:0XoU7sZBzx0fhvyGmXMUo28gd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9410b06e2fe352f550c0b3e89cd5d8de_JaffaCakes118

Files

9410b06e2fe352f550c0b3e89cd5d8de_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2a810b5281b4647592c3b55a2889e2ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

free

shell32

ShellExecuteA

user32

MessageBeep
MessageBoxA

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 992B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 364B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ