fb4643c4eeeb23aafa06bb3c0acf5de2_JaffaCakes118

General

Target

fb4643c4eeeb23aafa06bb3c0acf5de2_JaffaCakes118
Size

25KB
MD5

fb4643c4eeeb23aafa06bb3c0acf5de2
SHA1

a0d1c6508124c505e1913d2388b5944b3e6992a5
SHA256

cd44525251607b040ae722917dbfcb69230aa9f5fec7bc3734240ae8583106eb
SHA512

9eebcf354497be8e4ba93c0ea761b9d2f6dbd273eff24d80ab7833695309a5249c6879c0450047e48bdc1850a1d7008d2dcc37bd83084acdb79b7932866a8381
SSDEEP

384:dGcMJxDTHfRmQ96dMMAd/oB0SYa47iPnwSnlTOY3VHdta6CDLz:tMTDT/RmQwSx6084S1BOY39ba6S

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb4643c4eeeb23aafa06bb3c0acf5de2_JaffaCakes118

Files

fb4643c4eeeb23aafa06bb3c0acf5de2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cf2406fd884efec9f35187355e73ee1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

Sections

yzcode
Size: 243B - Virtual size: 244B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

yzdate
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yzBSS
Size: - Virtual size: 17B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yzidata
Size: 75B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 48B - Virtual size: 52B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.!rc!
Size: - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp3
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf2406fd884efec9f35187355e73ee1c

Headers

File Characteristics

Imports

kernel32

Sections

yzcode Size: 243B - Virtual size: 244B

yzdate Size: 7KB - Virtual size: 7KB

yzBSS Size: - Virtual size: 17B

.yzidata Size: 75B - Virtual size: 76B

.vmp0 Size: 48B - Virtual size: 52B

.!rc! Size: - Virtual size: 512B

.vmp1 Size: 512B - Virtual size: 4KB

.vmp2 Size: 2KB - Virtual size: 1KB

.vmp3 Size: 12KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 232B

yzcode
Size: 243B - Virtual size: 244B

yzdate
Size: 7KB - Virtual size: 7KB

yzBSS
Size: - Virtual size: 17B

.yzidata
Size: 75B - Virtual size: 76B

.vmp0
Size: 48B - Virtual size: 52B

.!rc!
Size: - Virtual size: 512B

.vmp1
Size: 512B - Virtual size: 4KB

.vmp2
Size: 2KB - Virtual size: 1KB

.vmp3
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 232B