134a8f427623281ab9475256951feb19_JaffaCakes118 | Triage

Sharing

General

Target

134a8f427623281ab9475256951feb19_JaffaCakes118
Size

144KB
MD5

134a8f427623281ab9475256951feb19
SHA1

b46ee9add4b440b8077a5ff9da9263e0d9d524c6
SHA256

ca8831c77a99489b0833b08b885829fae5f5e63eb9706a14cf57351f61636a19
SHA512

3f4b0992fdf130ef4375df1a0984584498899b849a063bb9f737fbd5b70d1ca9bf2283afcd5c2d200fc7ba99c83e39db143a456f11d72b3bc5c3eece556d2871
SSDEEP

3072:OXV1U0H4dDPGXfOkjM/iB0SKhTvQrTvW2fWscWgHUdC1Kg:OXVTgrCxjulSx/NOs7gp

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
134a8f427623281ab9475256951feb19_JaffaCakes118

Files

134a8f427623281ab9475256951feb19_JaffaCakes118
.dll windows:4 windows x86 arch:x86

92de6e7217d695b63606ee69910d3778

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ReleaseDC

gdi32

CreateSolidBrush

advapi32

RegCloseKey

Sections

.text
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ