f02563a1ad488a3e2ed740d1406f5e19_JaffaCakes118 | Triage

Sharing

General

Target

f02563a1ad488a3e2ed740d1406f5e19_JaffaCakes118
Size

331KB
MD5

f02563a1ad488a3e2ed740d1406f5e19
SHA1

c192c849da7b2a45598c9fc68c5ce82aa9bbb2db
SHA256

c743f558a0ed6773926dd526537207691b33d14882705cac2aa9b61ad22b632a
SHA512

05edfb2f30a3c590be0d120ecf4509feb75c2198d4622ddbb517454586639e4dc6235504246e65eb9f6acf8725ae5f31104f502a40f51dd241ce8024f02a2df2
SSDEEP

3072:ApZg5bgZDNUQI2aMvCMjau9ypOg98KbvEKh1DvW/SpHDfsIHJI:CMgFNUQIm6MWu9ypN1vh1bbpHD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f02563a1ad488a3e2ed740d1406f5e19_JaffaCakes118

Files

f02563a1ad488a3e2ed740d1406f5e19_JaffaCakes118
.dll windows:4 windows x86 arch:x86

acd9fa3a74cc4c1d92998e6ad62eeb8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
LoadLibraryA

user32

wsprintfA
MessageBoxA

Exports

Exports

ServiceMain
ServiceMainManual

Sections

.data
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 308B - Virtual size: 300B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ