a0fa37f088de4bd4c2283739e0060cf4_JaffaCakes118 | Triage

Sharing

General

Target

a0fa37f088de4bd4c2283739e0060cf4_JaffaCakes118
Size

1012KB
MD5

a0fa37f088de4bd4c2283739e0060cf4
SHA1

ac4b7a072d8f84b612fb65d3a2860795f88b31d1
SHA256

c47b63cf579ea0de2ce736d4e66bb3d97919073f1c5596836c4bca0c04bfa0f5
SHA512

51f3db039951736fd41a15fa7087efe89a994f67e17c6705bf0b299011fbe1ebeb92a59343ce60ea22d11acc0e6dd4f6c27c56a7e4616bf1a747118bf2af7566
SSDEEP

24576:U9Jy0zYttzCpFDg77mM8F8ri87VLQR/PrnGcTi77QZrvrY2A:aJXMbzYFUPGeij5PKKrY2

Score

7^/10

vmprotect themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0fa37f088de4bd4c2283739e0060cf4_JaffaCakes118

Files

a0fa37f088de4bd4c2283739e0060cf4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CAuth@@QAE@ABV0@@Z
??0CAuth@@QAE@XZ
??1CAuth@@QAE@XZ
??4CAuth@@QAEAAV0@ABV0@@Z
?AddServer@CAuth@@QAE_NVCString@@@Z
?Decrypt1@CAuth@@AAE?AVCString@@V2@@Z
?DisableServer@CAuth@@AAEXXZ
?DllLogin@CAuth@@QAE_NXZ
?Encrypt1@CAuth@@AAE?AVCString@@V2@@Z
?Encrypt2@CAuth@@AAE?AVCString@@V2@@Z
?ExeLogin@CAuth@@QAE_NXZ
?GetRandKey@CAuth@@AAE?AVCString@@H@Z
?GetServer@CAuth@@AAE_NXZ
?ModifyPass@CAuth@@QAE_NXZ
?Pay@CAuth@@QAE_NXZ
?Reg@CAuth@@QAE_NXZ
?TestServer@CAuth@@QAE_NXZ
InstallHook
UninstallHook

Sections

Size: 60KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 536KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE