eef32bdb038c1d6ca436156255969522_JaffaCakes118

General

Target

eef32bdb038c1d6ca436156255969522_JaffaCakes118
Size

355KB
MD5

eef32bdb038c1d6ca436156255969522
SHA1

f189b422e823f76358c68b4a7aede88a25705c65
SHA256

0624d2990284a3fd06447f51c13c043d4d5106548d25029a9e89a50aec183919
SHA512

344ad4db2ca635214d7928cb6a3e232659f5b3486c332bf554036913849e8f01138f2a85d3a3d7e19d416b3ed114fbf8647e833bf7cb345880cfa29e6c055cfa
SSDEEP

6144:0rvwI3bawjB7rH/v3Xb8j1IjjagUhtqw8dGGqh44Fj/OclyoPX1oU8OWQrBDvhCq:ujX3Xb8jC8ht+GG+twoPIQVDvUTBk

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eef32bdb038c1d6ca436156255969522_JaffaCakes118

Files

eef32bdb038c1d6ca436156255969522_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ec9047c04f171c0ec4517771603ddb39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetAsyncKeyState
MessageBoxA

shell32

ShellExecuteA

wininet

InternetOpenA

gdi32

GetGlyphOutlineA

advapi32

RegQueryValueExA

Sections

.text
Size: - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec9047c04f171c0ec4517771603ddb39

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

wininet

gdi32

advapi32

Sections

.text Size: - Virtual size: 387KB

.rdata Size: - Virtual size: 115KB

.data Size: - Virtual size: 67KB

.rsrc Size: 512B - Virtual size: 436B

.vmp0 Size: - Virtual size: 27KB

.vmp1 Size: - Virtual size: 51KB

.vmp2 Size: 353KB - Virtual size: 353KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: - Virtual size: 387KB

.rdata
Size: - Virtual size: 115KB

.data
Size: - Virtual size: 67KB

.rsrc
Size: 512B - Virtual size: 436B

.vmp0
Size: - Virtual size: 27KB

.vmp1
Size: - Virtual size: 51KB

.vmp2
Size: 353KB - Virtual size: 353KB

.reloc
Size: 512B - Virtual size: 224B