efe6ae79b1eba95fb5e8f615667fb836_JaffaCakes118 | Triage

Sharing

General

Target

efe6ae79b1eba95fb5e8f615667fb836_JaffaCakes118
Size

48KB
MD5

efe6ae79b1eba95fb5e8f615667fb836
SHA1

8de1fac9cb9fd02636db2e8a256bf5c3014e9b10
SHA256

902c3cdbc9f0ee45c59635357d58006eeffa414259ae5343f2187e3a09cc3a71
SHA512

62b598f992bc6946859a37c1d565a74467bdd6fbef48792aa37d3f5ab7e1f09a628c67704b88f9489df056e14fcb555c0d2626a50b72daf1fbbcee71ba15494f
SSDEEP

768:TdP9aYMHs6Pj6jYWM55DJnn9sQDManFqHApoNBB:TBEhRjBWetn9dDMIFziNf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efe6ae79b1eba95fb5e8f615667fb836_JaffaCakes118

Files

efe6ae79b1eba95fb5e8f615667fb836_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3a6f54c35c91ce3b2c9be61aee9b199

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690

kernel32

GetModuleHandleA
GetProcAddress
VirtualProtect

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ