b5ece86b7badd63ab15d6c3239f50ac2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5ece86b7badd63ab15d6c3239f50ac2_JaffaCakes118
Size

976KB
MD5

b5ece86b7badd63ab15d6c3239f50ac2
SHA1

e750c8638e2b9713b4374b62561f0061fdc452f9
SHA256

bb968fcee0db30d25a71fe7febcece553a3f8632fd1e1216f0c73ae56817a4c1
SHA512

cda5861a843c6a0932acdd93df5c261fcc0e5b70cfe09f5268110ab68952a06ff37782f1a75946a8e91f9744ce6982faca1aa601fedae09a7c9603d2be72d786
SSDEEP

24576:eDtnvpOo6d+esXcQ+8YETVtLW4JFfaJ3h:+tROo6r7Q+8YyVtLWe+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5ece86b7badd63ab15d6c3239f50ac2_JaffaCakes118

Files

b5ece86b7badd63ab15d6c3239f50ac2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

613bc8dd3a2a7acaace062ab18b38640

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
lstrcpy
VirtualProtect
ExitProcess

comctl32

InitCommonControls

Sections

Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WinLicen
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 964KB - Virtual size: 962KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ