e23246d5a16fd344dfd2fc7177d43890_JaffaCakes118 | Triage

Sharing

General

Target

e23246d5a16fd344dfd2fc7177d43890_JaffaCakes118
Size

3.2MB
MD5

e23246d5a16fd344dfd2fc7177d43890
SHA1

9d0ee3d8896911c2743ff89c72c30639f0851f52
SHA256

f4f02f78b8d89ed5063773985d4ad7b4c9205417b34787fb945f739134a85a8b
SHA512

01d4b4c0c60272759906f3c2d255a0378c9b4c081878866c9beef187a8c58b53d7da50109541f2da3051035e72b7a60b54710d6e3cddd01a28eb1009bc6af1ed
SSDEEP

49152:GYRxMUVRngWxp5Czu06spJDJXv2Suyic6346LE3Vtj2RwA+M:GuS0RnNYss5XvMy0346g3emA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e23246d5a16fd344dfd2fc7177d43890_JaffaCakes118

Files

e23246d5a16fd344dfd2fc7177d43890_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

7df22f0d37eecce615162afa855d2604

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

memset

kernel32

HeapAlloc
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

DllRegisterServer

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ