97289f46443c5d6cf4e5910d4cd53ab1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

97289f46443c5d6cf4e5910d4cd53ab1_JaffaCakes118
Size

511KB
MD5

97289f46443c5d6cf4e5910d4cd53ab1
SHA1

be2638528931429bcf5fe0bb3dc0bf1e02e0b433
SHA256

c0a798d016c222376d386805e7971400e23bade418374f0078de856cca40312d
SHA512

6ab43b7d96d7134f3985d56b46b50b39e37d0e877fccb9a8c87c1d90181011273f18907b9f3458cd58549e3f5796157d743231dd9e8715cbb3f6a15ea45428f9
SSDEEP

12288:+1u3YPTVw1WsEF5nIKDNN4bN2c4qoHkFxjeeY2zObo3O:h3sTVw1mF5Iy4bGqoHka52zyo3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97289f46443c5d6cf4e5910d4cd53ab1_JaffaCakes118

Files

97289f46443c5d6cf4e5910d4cd53ab1_JaffaCakes118
.exe windows:1 windows x86 arch:x86

3a7e1d46c0b6a3649b2ac80daa1e9226

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCurrentThreadId
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
MessageBoxA

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

IsEqualGUID

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

comdlg32

GetOpenFileNameA

Sections

CODE
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a7e1d46c0b6a3649b2ac80daa1e9226

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

comdlg32

Sections

CODE Size: - Virtual size: 580KB

DATA Size: - Virtual size: 8KB

BSS Size: - Virtual size: 8KB

.idata Size: - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 40KB

.rsrc Size: 93KB - Virtual size: 96KB

.vmp0 Size: - Virtual size: 58KB

.vmp1 Size: 416KB - Virtual size: 416KB

.reloc Size: 512B - Virtual size: 228B

CODE
Size: - Virtual size: 580KB

DATA
Size: - Virtual size: 8KB

BSS
Size: - Virtual size: 8KB

.idata
Size: - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 40KB

.rsrc
Size: 93KB - Virtual size: 96KB

.vmp0
Size: - Virtual size: 58KB

.vmp1
Size: 416KB - Virtual size: 416KB

.reloc
Size: 512B - Virtual size: 228B