a8b44b870f29d61303ad889556364b5e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8b44b870f29d61303ad889556364b5e_JaffaCakes118
Size

228KB
MD5

a8b44b870f29d61303ad889556364b5e
SHA1

4e92ae03bbce263bcd4816488e6d2c71eaef66b9
SHA256

9df28607b8539f0729032751daa4cd5d82996610ef3db5e032f50b7ebcf11eef
SHA512

b3e9e732827a46bd5a455700f89c57eb545f9fb8d8607dccc05f656550abe07c260bc798bc4dbdd81f46132309dd761208ac7d0c19d5bb309fc95fbc1bf07af2
SSDEEP

6144:6Dj5xx7WCdGZlsht7779gFVqQr2wzYk66EK3kNkaOkP:6Dj5G/C779gTqZAGtakND

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8b44b870f29d61303ad889556364b5e_JaffaCakes118

Files

a8b44b870f29d61303ad889556364b5e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2fe8f758538a46222298f7bfc3b36b45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA

psapi

GetModuleBaseNameA

user32

SetWindowLongA

imagehlp

ImageDirectoryEntryToData

kernel32

FreeEnvironmentStringsA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ