b2910261d985fa883b096315e0c223a7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b2910261d985fa883b096315e0c223a7_JaffaCakes118
Size

35KB
MD5

b2910261d985fa883b096315e0c223a7
SHA1

9d77062cac12acbe412e2d1b0f1423f502569c6a
SHA256

d2f0c33d793a077c2a1a1efbbdb61590a32e779b519f226bb0888624c3c1a9b4
SHA512

95ba0606a421d3d597acc52b7b92f819f8c595470dd3cd1367507e681ccf06c4519d3b4724b81ae65f83eaf25b54885939c608be9e0b04aac7bdb98330065094
SSDEEP

768:2DTQMaQ5P8T39Mbu3Pd2DPpb1ZfUGHNCyx68Zy9Nh:ikOFyNb2PxfrHNx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2910261d985fa883b096315e0c223a7_JaffaCakes118

Files

b2910261d985fa883b096315e0c223a7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

t1
t2

Sections

Size: - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ