fb648eaa19361a69dde5a9641a9a8847_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb648eaa19361a69dde5a9641a9a8847_JaffaCakes118
Size

67KB
MD5

fb648eaa19361a69dde5a9641a9a8847
SHA1

1a91a0b6d9b4c55b6bb216a659e7230da9d571f2
SHA256

545d6bf66c6cbcc302b9b365a7257f55440d9e0ad544d32a4e2791cfdbe0c52b
SHA512

2054d1142fada8412fe65b1e92a621e7cdeebeb154e68ffdd959e6c1a5d9c825aff38baa55f9c314306b1b47aaa604952b7b79bca272876d9e1640f99c1f184e
SSDEEP

1536:gtvb14JRppQVeEKJkJrMTwV8nULvAy3H/Z:+2JfEKlwM8vAG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb648eaa19361a69dde5a9641a9a8847_JaffaCakes118

Files

fb648eaa19361a69dde5a9641a9a8847_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

��ש�
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��ߡ��
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ