a41a9c2335327c93703b4a1dfd3eeb90_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a41a9c2335327c93703b4a1dfd3eeb90_JaffaCakes118
Size

2.9MB
MD5

a41a9c2335327c93703b4a1dfd3eeb90
SHA1

40b9b60b0501b42b13299dfd3567a0a88042034d
SHA256

cfbe05776e7257d613319655c4817f3653326e34b2d746791fe5c6ddecec5198
SHA512

0dc93844b26156c58a77a23ec280fe3ba66bcf806f3f09b23528122c047f07eb09b7c7d37e81a1f034a8b8ea5902cce9d57348a4897a1d3e28efa8fa80dff918
SSDEEP

49152:HoLBBRHk0Kn10nBoUCIZpmneks7rFRNyt3cu5uLCmsu1G+x6krfn/daEo9vO:HoLx1wyJCve2t3cqjmB1GDkrDoE

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a41a9c2335327c93703b4a1dfd3eeb90_JaffaCakes118

Files

a41a9c2335327c93703b4a1dfd3eeb90_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9adbe39c4d76d51ec885f36a0ffa3b79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaI4ErrVar

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 993KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE