aa0b80e0bb923d9389f14492bc2c4196_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa0b80e0bb923d9389f14492bc2c4196_JaffaCakes118
Size

796KB
MD5

aa0b80e0bb923d9389f14492bc2c4196
SHA1

bae83a09102b5769574b205e5919af7fdefa9c11
SHA256

495dc2daee006858d1c8b861d1aa66bd788d3f5006da52cc8949128a880aeea8
SHA512

e871270c522574f4a777e1409268ce000dfeb1fa350c7b6d2f802631a47bd315d9361896dd7e204e21607cf4964362a8e9375c831807757b80cf8a351ce8d53a
SSDEEP

12288:EJtUyaXkKH0R5mnrt36Zq6I7tvYRIYXVDHvCRE+U3D0uMSlRniUTiouJpKpOUj:jz1Upq6IKI2H6REf9azpKpO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa0b80e0bb923d9389f14492bc2c4196_JaffaCakes118

Files

aa0b80e0bb923d9389f14492bc2c4196_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ae41d0ac59a855229b90241cce41d0a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord709

kernel32

GetLocalTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfW

Sections

.text
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 854KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 784KB - Virtual size: 783KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ