a897c6c7acfe1e450596f3983e713b29_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a897c6c7acfe1e450596f3983e713b29_JaffaCakes118
Size

1.4MB
MD5

a897c6c7acfe1e450596f3983e713b29
SHA1

d1acbadc4b0477ee0496d63bb3e54782d6657383
SHA256

edb3a246ded79b97ba4fd412afbc4b69fe1775a94da2a889ed3af71c587171c2
SHA512

b77e5a75a7da8b46b3502efeeb5e22db319ee6a0ba2a0d6f998a25628af44f5f8e903f1b4eb4b6969f4e7173b952bd9e684a966caed7fead2b56611d8b64f02c
SSDEEP

24576:aPJkyQtB5pCJBey1G1H/QXSrl6fs5XqNtUIVARt07epvMIj2HNKZW:aPJNMvCJBP4hUQsUXq7VwtieN/2HNZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a897c6c7acfe1e450596f3983e713b29_JaffaCakes118

Files

a897c6c7acfe1e450596f3983e713b29_JaffaCakes118
.exe windows:4 windows x86 arch:x86

787f32b55933e34cc3b4035a44c4067b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaFPException

user32

MessageBoxA

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE