e03af17e78f36b705d09edba762e580b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e03af17e78f36b705d09edba762e580b_JaffaCakes118
Size

148KB
MD5

e03af17e78f36b705d09edba762e580b
SHA1

d5cef6c571c858da59b1e9beff69f29e25485eab
SHA256

787d7cf0bfc8be570501c9f11c7790ef877472d1e99429e8e7ce14d5d2f00a4b
SHA512

5e3086d325d4ffdb6a00dc725979d7bc356b1e443d0cebadd59039e3119f5d1e91b09797da5703d5b429d52330542b1fa6743b3b51d26ff5d4eeb1b0dc0caf34
SSDEEP

3072:8mDkj51VX8Pq2OhOtmkpz4wZqocSqfcWal8098nhM2SFlLv/U73:/kj5PXU1Ohymk6tUfl8C8h3SFNvI3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e03af17e78f36b705d09edba762e580b_JaffaCakes118

Files

e03af17e78f36b705d09edba762e580b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

46608771ca3f1b48a58bafd14cd453fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA

msvcrt

_exit

Sections

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE