eacbfef00ff334e406fd02958129e2dc_JaffaCakes118 | Triage

Sharing

General

Target

eacbfef00ff334e406fd02958129e2dc_JaffaCakes118
Size

76KB
MD5

eacbfef00ff334e406fd02958129e2dc
SHA1

0f118b8ed1eda0656279e8667550db2186531144
SHA256

b85cc52afc3fcb4dc5f28491c8c1c937c739e65506a947f8d4c8790eec92acbf
SHA512

f7779e0a38c880f987c9317b4850313c0d614fb6b829d0ff95aa070f1a3dc7a7b3272b8fe20102a077d4db77ff28602bde528d563b592868c66d51dbc84e14f9
SSDEEP

1536:LO3pRIHxyaURyBHkmCLG3RAO7pCaaE/0kn8DqBTW37BWm71Ue:K5RIHxUyBHoMDCa7cOugTW3dd1

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eacbfef00ff334e406fd02958129e2dc_JaffaCakes118

Files

eacbfef00ff334e406fd02958129e2dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd55849f127c8a6ed9dbfe397271a22f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord537

msvcrt

_controlfp

kernel32

GetShortPathNameA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

RegisterWindowMessageA
MessageBoxA

ole32

CoInitialize

oleaut32

VariantInit

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

oleacc

ObjectFromLresult

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ