25c85a8396ec2d4df878d2e2d3996a75_JaffaCakes118

General

Target

25c85a8396ec2d4df878d2e2d3996a75_JaffaCakes118
Size

102KB
MD5

25c85a8396ec2d4df878d2e2d3996a75
SHA1

67051be3d462cb4d89863e27f73441416dd3cc22
SHA256

6f5099afeb24c9ed63d26cf0eae07f7e0aa7d8038f3a94eab92610c178be4208
SHA512

4773b6de63a42a82b1d533f7e3330cbd267fb5a4855092f5470dadf1b735933a9f47ee2c99fb4bf7a72b5e6678098d0f7ed2d6cbc553bfff840e60aa0911699e
SSDEEP

1536:Yey+VCO8uNRffbruhDRNK6rvgdn8Tq0fACQZ9zSC7BN6rCANg5iCl:9yGjnjrWVBvgd8Tq0fACOz17mIIE

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25c85a8396ec2d4df878d2e2d3996a75_JaffaCakes118

Files

25c85a8396ec2d4df878d2e2d3996a75_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b5522e3cb1a06aa45b8ea81f4fa8f833

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LocalAlloc
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType

advapi32

RegCloseKey

Sections

CODE
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 892B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5522e3cb1a06aa45b8ea81f4fa8f833

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

CODE Size: - Virtual size: 12KB

DATA Size: - Virtual size: 236B

BSS Size: - Virtual size: 1KB

.idata Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 892B

.rsrc Size: 1KB - Virtual size: 1KB

.vmp1 Size: - Virtual size: 62KB

.vmp2 Size: 99KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 104B

CODE
Size: - Virtual size: 12KB

DATA
Size: - Virtual size: 236B

BSS
Size: - Virtual size: 1KB

.idata
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 892B

.rsrc
Size: 1KB - Virtual size: 1KB

.vmp1
Size: - Virtual size: 62KB

.vmp2
Size: 99KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 104B