a59ce50cce1376d3a72f5f7ec693add0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a59ce50cce1376d3a72f5f7ec693add0_JaffaCakes118
Size

475KB
MD5

a59ce50cce1376d3a72f5f7ec693add0
SHA1

ab4396ff8417cfc8b65149c0c198b659bcd64247
SHA256

5e920dc88c18f59b47c6d854e765e1439f4721ec1ed9b6b5bb8273243c065263
SHA512

7ac5b1ec66dc74f23227d760a258013a6f8b169d8eacfb51499e7334b36dc3f256386ac81eff9b704f6e55d29bda607bccce110a0ae911c92813b5bf2313558e
SSDEEP

12288:5k41s9vdYLuE0HFuIoH6wnZTUOXax8Y5icvzwqYYW:5M9OLRioIoH6wnS3vzWD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a59ce50cce1376d3a72f5f7ec693add0_JaffaCakes118

Files

a59ce50cce1376d3a72f5f7ec693add0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

465d26967af1346f094e36253f9c8f2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

advapi32

ControlService

ntdll

NtSetInformationFile

kernel32

WaitForSingleObject
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ