e27251be673fabd4485bffd6e381b29a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e27251be673fabd4485bffd6e381b29a_JaffaCakes118
Size

832KB
MD5

e27251be673fabd4485bffd6e381b29a
SHA1

26f2847519045cabb1bb204402a037b962aa5f15
SHA256

44297e2600133fb7bfed15558f01fdc01ae3f96cef662d5f7fbb5b2e238f70cb
SHA512

7da39afeaebc85631651808ef95db85124bbf9cebbf52e76373cb4f598df555a364215e31a67c029707f42b3ad6effbfeaf86b700fe1e53a64d9856e75cd24a4
SSDEEP

24576:6AP4FefBju+xar5V1pHXVXa7ISiCls+C:z4EZju+xiP1p3VXozQ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e27251be673fabd4485bffd6e381b29a_JaffaCakes118

Files

e27251be673fabd4485bffd6e381b29a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0c411f78f21f4895493175077c5c66cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

oleaut32

VariantChangeTypeEx

Sections

Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 9KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 809KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c411f78f21f4895493175077c5c66cf

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

Sections

Size: - Virtual size: 44KB

Size: - Virtual size: 8KB

Size: - Virtual size: 12KB

.vmp0 Size: 9KB - Virtual size: 124KB

.data Size: - Virtual size: 360KB

.adata Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 569KB

.vmp2 Size: 809KB - Virtual size: 808KB

.rsrc Size: 9KB - Virtual size: 9KB

.vmp0
Size: 9KB - Virtual size: 124KB

.data
Size: - Virtual size: 360KB

.adata
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 569KB

.vmp2
Size: 809KB - Virtual size: 808KB

.rsrc
Size: 9KB - Virtual size: 9KB