b35527b5fb5b6fe9e655d05a0f98ca9a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b35527b5fb5b6fe9e655d05a0f98ca9a_JaffaCakes118
Size

14KB
MD5

b35527b5fb5b6fe9e655d05a0f98ca9a
SHA1

195415e84cca3094a7c5a38204777770e1de555a
SHA256

6d5c52e2b611c761c156be815094c316699fd467f88116dcd7701c8618fc4d7e
SHA512

e21029e70bde28f6a8a9d9ca5e1d03e875e148360b702bb0e1396bce68dbda6c6133d20c6f64e6c1f8c38f07def98696603b60696d2e956d17903621d128d4e1
SSDEEP

192:vb4ULAiRNKjZZhrwpfKq0r0WpxabVlMC3MW+HQpQ6Nx:vbYiRNgPhrwz0r0UaB31pdr

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b35527b5fb5b6fe9e655d05a0f98ca9a_JaffaCakes118

Files

b35527b5fb5b6fe9e655d05a0f98ca9a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

fa
fc

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 1024B - Virtual size: 984B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ