f6281e1c13ec981c5ffedd2126b4fdec_JaffaCakes118

General

Target

f6281e1c13ec981c5ffedd2126b4fdec_JaffaCakes118
Size

80KB
MD5

f6281e1c13ec981c5ffedd2126b4fdec
SHA1

a58508885e4345d1eef9da825da8a708c82d2db6
SHA256

d06f1de4714bbbf89ff6976f3ce7003004359f63fd33fdcfc5bffef8ba55d0e5
SHA512

259a5a6bd24a1a08d938f134cfa134faebf1db5d28597ebd0705e6c8a419132c0a94a9adcec6ace7f7decd6873ceac8ddd6cdd5cf11ab40e3731cbabdc560264
SSDEEP

1536:hpwf5NZ3mh6LwCNHPWUgSXbhkuYdZL5SUgT4FZegjso5n7mQZ056Qnq5:hpyHG6LJHPWUgSXbhLYn5SUgSo+UQx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6281e1c13ec981c5ffedd2126b4fdec_JaffaCakes118

Files

f6281e1c13ec981c5ffedd2126b4fdec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dd6d6dc0106eb9fefcdb77c628cfb969

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
MoveFileA
lstrcatA
lstrcpyA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
Sleep
WritePrivateProfileStringA
CopyFileA
CreateDirectoryA
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceA
WriteFile
CreateFileA
GetLastError
VirtualFree
VirtualAlloc
WinExec
ExitProcess
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
CreateThread
WaitForSingleObject
CreateProcessA
GetWindowsDirectoryA
GetTickCount
GetCurrentThreadId
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
RtlUnwind
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

PostThreadMessageA
GetMessageA
FindWindowA
SendMessageA
wsprintfA
GetInputState
MessageBoxA

Sections

.text
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd6d6dc0106eb9fefcdb77c628cfb969

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 16KB

.text Size: 512B - Virtual size: 63KB

.text Size: - Virtual size: 512B

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 71KB - Virtual size: 70KB

.reloc Size: 512B - Virtual size: 156B

.text
Size: - Virtual size: 16KB

.text
Size: 512B - Virtual size: 63KB

.text
Size: - Virtual size: 512B

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 71KB - Virtual size: 70KB

.reloc
Size: 512B - Virtual size: 156B