ce45bcab52fe27be7e323443ee4e3dd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce45bcab52fe27be7e323443ee4e3dd5_JaffaCakes118
Size

268KB
MD5

ce45bcab52fe27be7e323443ee4e3dd5
SHA1

99679674045ade387e099297fcbcd6106a76c38f
SHA256

4426b59e1ca5cb311be1e2791407cf04613f3ef8e3f286898f3eae65c0dcfda8
SHA512

3e44585d4d4de8ad9676c6f1c41148fe9bd13115d6a0747f280f59f81b154488b424e8bedaa01e1ee12446a9da8bd796d2750a5dc9131a3bf000232cce41425a
SSDEEP

6144:ba5Fuj3MwvZ7P7Hu1kSYqCkBM6/7Gfl8D8K1SpP:byFujT1rozNM6/7+XDp

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce45bcab52fe27be7e323443ee4e3dd5_JaffaCakes118

Files

ce45bcab52fe27be7e323443ee4e3dd5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Exports

Exports

WRITE

Sections

.text
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tbvm167h
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eixioemj
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jyzgiqs1
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdjghx7c
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

80tcyd06
Size: 152KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

afm7qdup
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f433e7fcc51e68080022754836705744

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 8KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.vmp0 Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 76KB

tbvm167h Size: 110KB - Virtual size: 112KB

eixioemj Size: - Virtual size: 4KB

jyzgiqs1 Size: - Virtual size: 4KB

rdjghx7c Size: - Virtual size: 132KB

80tcyd06 Size: 152KB - Virtual size: 156KB

afm7qdup Size: 4KB - Virtual size: 4KB

.text
Size: - Virtual size: 8KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.vmp0
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 76KB

tbvm167h
Size: 110KB - Virtual size: 112KB

eixioemj
Size: - Virtual size: 4KB

jyzgiqs1
Size: - Virtual size: 4KB

rdjghx7c
Size: - Virtual size: 132KB

80tcyd06
Size: 152KB - Virtual size: 156KB

afm7qdup
Size: 4KB - Virtual size: 4KB