e236c458e99a627cf11e13a0d3e7c716_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e236c458e99a627cf11e13a0d3e7c716_JaffaCakes118
Size

241KB
MD5

e236c458e99a627cf11e13a0d3e7c716
SHA1

9af095f9c2d5900ccb62b59e9523763d64ce2615
SHA256

6f60ebfbd48352d9bb420651e5317a0063f08c1c9dc43eb8699f1bf2a55e728b
SHA512

696ca429197af3f513f412121ab10ca53be2a84a71c577b805e01750b3bba6bd90c651a371d9271209365d4ed1fc9166e4ad9f0c4d2bc3b51be72ce97a22e0d5
SSDEEP

3072:u/uGir+vl3O0dRu/FIY9qxpFa6hXpX9pLIqwguencQa97ezPadrCpPUtc:k6I+0dRwIY92fR3cqUCEezPaEp8t

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e236c458e99a627cf11e13a0d3e7c716_JaffaCakes118

Files

e236c458e99a627cf11e13a0d3e7c716_JaffaCakes118
.exe windows:5 windows x86 arch:x86

59727161bf57f58678ad3caa4d6681ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SendDlgItemMessageW
MessageBoxA

gdi32

SetBkMode

advapi32

RegOpenKeyExA

shell32

SHGetFolderPathW

Sections

.text
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ