acf6cb30b6e0d46ee301b60a7703d0b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

acf6cb30b6e0d46ee301b60a7703d0b2_JaffaCakes118
Size

11.5MB
MD5

acf6cb30b6e0d46ee301b60a7703d0b2
SHA1

90b940980aec5c379a7d9a8fadbdecf08f205959
SHA256

f570c8c393e82259f1869fb4592edcd7d9a6a1c1ae1174676b10132056f4b787
SHA512

53b1f0547ff5bc6cc45a23472f7a07eeea0d2a5861960c4f152782bd1e29e44c9cd0e12d86b0789de0dbcaabafc715ce1299919c715ac9d2fafa9bfaef4dd1c3
SSDEEP

196608:k+FRiFJOjl2DLTig3vj4GcpVvsEmkxvNrpIWFmvCyO5XcODYS5SF5N3L9PDMxryK:knFJOx4icvUGGvD9FFiODf5SV3L8QJe

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acf6cb30b6e0d46ee301b60a7703d0b2_JaffaCakes118

Files

acf6cb30b6e0d46ee301b60a7703d0b2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

985cf5f4c7c2c6d08faaf1b0cb37796b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrCmp

kernel32

FreeEnvironmentStringsA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ