b5c93e2097d3acd45f310a28cec462e4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5c93e2097d3acd45f310a28cec462e4_JaffaCakes118
Size

33KB
MD5

b5c93e2097d3acd45f310a28cec462e4
SHA1

8a012b773a65dc994f9c0ff692fdd8c5d264b4d1
SHA256

21de65c248c93028c9bbe630754bf57e98cb1adf282a682fe9f8958702addc45
SHA512

a282b098cebcba46e54734912822ae2c6938ac84d2ffd0c4f6a702f1de481216e44e262014d36fad887d2f2dc9c65c92bd4a69844462cc4efa9145662f0c1b43
SSDEEP

768:bVKgyIEcrTcMhbOzjChUpXuWDO2EFnu3XSxmNa9DOcL0dEsB0gW57Pynwwn:bYbewM1Ov1pXuCOr8SUNaVSRB0gWdyX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5c93e2097d3acd45f310a28cec462e4_JaffaCakes118

Files

b5c93e2097d3acd45f310a28cec462e4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5c97d24ed52377197518f57f9ddb2f01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteProcessMemory
VirtualProtect
GetCurrentProcess
GetProcAddress
Sleep
GetModuleHandleA
GetModuleFileNameA
DisableThreadLibraryCalls
CreateThread
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

CharLowerA
MessageBoxA

Exports

Exports

VIP

Sections

.text
Size: - Virtual size: 798B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 110B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ