d3891de582f66a28855e9a5604642580_JaffaCakes118

General

Target

d3891de582f66a28855e9a5604642580_JaffaCakes118
Size

48KB
MD5

d3891de582f66a28855e9a5604642580
SHA1

ac059b21f57974bb4aaefbbbf8fab57fe7275f7e
SHA256

9bca833cf83c04bfe0151c98f6e290c9b75ee14a818757a50287bfe2b1b19754
SHA512

d483386e418bcb0ae3513e72c8a3cfdd1e018c7339f0a438d719c62c27e5e3de1e649409cda7d5d49059298dfd0cfc65b1b3644ecb34085b6288a41a1cc165cc
SSDEEP

768:CI55QfNoT5xBuj/zUb8G9Fa2h39cAGzLLyXSlcuSYd1H3PwSG3KLIulgkeLg:C25QV4b8G9DhNs3yCDHHIS8uqke

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3891de582f66a28855e9a5604642580_JaffaCakes118

Files

d3891de582f66a28855e9a5604642580_JaffaCakes118
.dll windows:4 windows x86 arch:x86

65ed6e4278ba86ab8967a6c1593a4d48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

wsprintfA

Exports

Exports

dll

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 738B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65ed6e4278ba86ab8967a6c1593a4d48

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 5KB

.rdata Size: - Virtual size: 600B

.data Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 738B

.data Size: - Virtual size: 13KB

.data Size: - Virtual size: 56B

.vmp1 Size: - Virtual size: 23KB

.vmp2 Size: 46KB - Virtual size: 46KB

.reloc Size: 512B - Virtual size: 96B

.text
Size: - Virtual size: 5KB

.rdata
Size: - Virtual size: 600B

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 738B

.data
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 56B

.vmp1
Size: - Virtual size: 23KB

.vmp2
Size: 46KB - Virtual size: 46KB

.reloc
Size: 512B - Virtual size: 96B