b07b117094251152ebaf9f169dae1923_JaffaCakes118 | Triage

Sharing

General

Target

b07b117094251152ebaf9f169dae1923_JaffaCakes118
Size

73KB
MD5

b07b117094251152ebaf9f169dae1923
SHA1

c02e068a5cf7bc42db945fedcdd33ad6aa9c6055
SHA256

b128c137efd9ecd6d395533dfb87b36d0e5c436b0e70b87443b7c88dd1e859b8
SHA512

07a68676172064c0196ec553e25ce4a1e0a25b6f0ec925821fb59462240ba7b21ff1ab86a3f41c1240cf50f2ef1760682b16dae8b257d70aa508e60a57805706
SSDEEP

768:yxrq95JYX+sNFVlk3AvNcnSJenJx7LzB:cr0s+6HlaAVcSJen/B

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b07b117094251152ebaf9f169dae1923_JaffaCakes118

Files

b07b117094251152ebaf9f169dae1923_JaffaCakes118
.dll windows:0 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ