Behavioral task: behavioral1
Sample: bdfa9a01dc7fdf6c5a89f658c11726c4_JaffaCakes118.exe
Resource: win7-20240704-en
General
Target: bdfa9a01dc7fdf6c5a89f658c11726c4_JaffaCakes118
Size: 257KB
MD5: bdfa9a01dc7fdf6c5a89f658c11726c4
SHA1: 1c999d77d3bb0e64deefa225e4507ac462de2c8d
SHA256: 96dd9e9b9ba55a5918d961381d29c4d1cc223f2937d2a0fca48c8cd073080d52
SHA512: 2cfcf345e4ec8969118d48838e259d13dd2f376ad24c7c04aae9c285fa4ef6fdb9c059807b940f3e6ef106d4b5c95718766ae680b0cb7bd460aad14edba8baba
SSDEEP: 6144:DoVwptNQFPkRVew7aKmDaq4rwia7iSGNDVk0dwY0:0Ie1DatwiQifpdw
Malware Config
Signatures
resource yara_rule sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bdfa9a01dc7fdf6c5a89f658c11726c4_JaffaCakes118
Files
bdfa9a01dc7fdf6c5a89f658c11726c4_JaffaCakes118.exe windows:4 windows x86 arch:x86
61a741ca50275bce1e3ceaa2514de95c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
MessageBoxA
MessageBoxA
kernel32
FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA
VirtualProtect
GetModuleFileNameA
ExitProcess
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
Sections
.text Size: - Virtual size: 556B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ecode Size: - Virtual size: 358KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 245KB - Virtual size: 244KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ