a77e2c88c29c677e49b9b623b4b4952e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a77e2c88c29c677e49b9b623b4b4952e_JaffaCakes118
Size

48KB
MD5

a77e2c88c29c677e49b9b623b4b4952e
SHA1

50098630935dec077a85316cd66cad3a0a502538
SHA256

6dc13036159e1a79020dde0a3b4ca996df5b5be42c1918790ea21261c92d8bf0
SHA512

94364d161e892fcab5fd94161c980ac920d69c343db7d98ed5c8e776ce928500d7c20a2db7b21429239936d3bd05f06edb89931964e5286d69e7a2ac185c9dea
SSDEEP

384:0lJ6ZdK6nvctegtkDK8ejILUKEqSMa24CLPFlIzTKLSGL12ah3lcGC+4Vhk9F39g:0X6ZQyxgtkDK8eeULiFl6K2Yh5Cv+6

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a77e2c88c29c677e49b9b623b4b4952e_JaffaCakes118

Files

a77e2c88c29c677e49b9b623b4b4952e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0bc47c01d03c97d54aa57f83c6d44be3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

closesocket

user32

FindWindowA
GetWindowTextA
CallNextHookEx
SetWindowsHookExA

msvcrt

_stricmp
_adjust_fdiv
_initterm
free
strlen
strcpy
memcpy
sprintf
memset
strncpy
atoi
strstr
malloc

kernel32

GetSystemDirectoryA
DeleteFileA
WriteFile
GetCurrentProcessId
VirtualProtectEx
WriteProcessMemory
lstrcpyA
LoadLibraryA
GetProcAddress
CreateFileA
ReadFile
CloseHandle
Sleep
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
CreateThread
TerminateProcess

Exports

Exports

fun

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ