deef0c759e3759b5cc0908a04eeeb359_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

deef0c759e3759b5cc0908a04eeeb359_JaffaCakes118
Size

171KB
MD5

deef0c759e3759b5cc0908a04eeeb359
SHA1

eb198b859a475e8fb072d971ac26e76503cf4eed
SHA256

994a9030a1e4ae63fc85b87efdc0fdf260670255488fb310ba108b5d52956e80
SHA512

cfaf26465d658f35fa8010a65a2466450fba85936610208bf05cfa911f64698960415bfa451e131fc2bbad3b50075f0a6fa4ca823e6515c4d67ab352d8c3351e
SSDEEP

3072:v2At9F1O5cP5BRdc6fhi4o0rDS1vfNk5FyZDzj9YD5mTWHTMYvY6GTcEo4TDXXlC:vPtlOcP5BRyEiB03IVyQf451MYQ6GZoJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deef0c759e3759b5cc0908a04eeeb359_JaffaCakes118

Files

deef0c759e3759b5cc0908a04eeeb359_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ed3feffa1e19ff8053cf59aa63000d00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA

kernel32

DecodePointer
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetRect
MessageBoxA

d3dx9_43

D3DXVec3Project

Sections

.text
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ