0c089dc5a13ef10291cfd251fe438bd6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c089dc5a13ef10291cfd251fe438bd6_JaffaCakes118
Size

61KB
MD5

0c089dc5a13ef10291cfd251fe438bd6
SHA1

fc44efa386aefc7e59746faa9cd41972b6fe6334
SHA256

2f9619471b3b83edc83654568b7a7fb20b0c0dcb69082d017dcefd66bf0d7109
SHA512

4f7ca862066ab84f1d9cac5daed34a403b3b30d7dc36ed610b49cd5a51d12d77e7dcda4d5678665ec8f941f763c037459646f956f8ca7d9e11cf3bf288360ff1
SSDEEP

1536:Q/0B56FXEhlCKko1e9PSRzevvzDmOsNSNNvp66d0jX8:3B56RGkTCzKzNUkvp6Z8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/OMSI.The.Bus.Simulator.v1.01.Crack-RELOADED/Keygen.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OMSI.The.Bus.Simulator.v1.01.Crack-RELOADED/Keygen.exe

Files

0c089dc5a13ef10291cfd251fe438bd6_JaffaCakes118
.rar
OMSI.The.Bus.Simulator.v1.01.Crack-RELOADED/ALI213.txt
OMSI.The.Bus.Simulator.v1.01.Crack-RELOADED/Keygen.exe
.exe windows:1 windows x86 arch:x86

45f177457243492c87ee53c58a045e9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SendMessageA

Sections

CODE
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OMSI.The.Bus.Simulator.v1.01.Crack-RELOADED/reloaded.nfo
OMSI.The.Bus.Simulator.v1.01.Crack-RELOADED/游侠网专题导航-游侠网中国单机游戏门户.url
.url

Sharing

General

Malware Config

Signatures

Files

45f177457243492c87ee53c58a045e9b

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: - Virtual size: 8KB

DATA Size: - Virtual size: 28KB

.idata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.vmp1 Size: - Virtual size: 17KB

.vmp2 Size: 61KB - Virtual size: 60KB

.reloc Size: 512B - Virtual size: 104B

CODE
Size: - Virtual size: 8KB

DATA
Size: - Virtual size: 28KB

.idata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.vmp1
Size: - Virtual size: 17KB

.vmp2
Size: 61KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 104B