b9b2dc732d4d59000efe889b6276f2cc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9b2dc732d4d59000efe889b6276f2cc_JaffaCakes118
Size

85KB
MD5

b9b2dc732d4d59000efe889b6276f2cc
SHA1

af86b7ee1c321f15b0337f5aeb93b105324bf2db
SHA256

ce4ca875aa46889283c3d1ca1e8d77c5f9ee1e9924726dbed27e29f34ba2b871
SHA512

9eb1339a7ebc845f3202d36c20a1a6074bea10cde3734c73d992787fa63121ca9298d7af140a4e989f4805e15881e8b2febc311fd22af881d47c3546e857b99d
SSDEEP

1536:q8N2F/UZmHXKQkvrZmzozqW6KB88JEWviPASVElKeVb:wxUZmovdmzozqWLB11viPAhlK8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9b2dc732d4d59000efe889b6276f2cc_JaffaCakes118

Files

b9b2dc732d4d59000efe889b6276f2cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8247574c166067413b6cd924f175117f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

pstorec

PStoreCreateInstance

msvbvm60

__vbaStrI2

Sections

.packed
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RLPack
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE