fa0c5f3ad3f09c1fc4872d016880772c_JaffaCakes118

General

Target

fa0c5f3ad3f09c1fc4872d016880772c_JaffaCakes118
Size

1.4MB
MD5

fa0c5f3ad3f09c1fc4872d016880772c
SHA1

e9abed2021c9191f6c103b92206d94be0ce7d12b
SHA256

04e58fee9271dfb35493ee49f71511597df8b65ca492f10b7250c932352727d7
SHA512

600742b4ff95786cad2e91b01827de92481efbce59b9dac4ecb2816ed1be52d1b361dea6c15a5682f583f9398fa1da879fc276bdf02781a67871083dd1b053df
SSDEEP

24576:l2MuJm0sMrb8oQxQv/HcCGbwO+jbXFT0CNiTKUiT5hC4Bt/P1GCVnqu:MMu80b4pKvfcUjja3KrdhjXdV9qu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa0c5f3ad3f09c1fc4872d016880772c_JaffaCakes118

Files

fa0c5f3ad3f09c1fc4872d016880772c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

HookOff
HookOn

Sections

Size: 270KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hysoivjz
Size: 754KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gorvcwea
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

Imports

kernel32

comctl32

Exports

Exports

Sections

Size: 270KB - Virtual size: 604KB

.edata Size: 512B - Virtual size: 86B

.vmp0 Size: 37KB - Virtual size: 36KB

.rsrc Size: 169KB - Virtual size: 169KB

.vmp1 Size: 234KB - Virtual size: 233KB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 964KB

hysoivjz Size: 754KB - Virtual size: 756KB

gorvcwea Size: 512B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 86B

.vmp0
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 169KB - Virtual size: 169KB

.vmp1
Size: 234KB - Virtual size: 233KB

.idata
Size: 512B - Virtual size: 4KB

hysoivjz
Size: 754KB - Virtual size: 756KB

gorvcwea
Size: 512B - Virtual size: 4KB