271e09bdd7b647f0939f4cd54bdc729b_JaffaCakes118 | Triage

Sharing

General

Target

271e09bdd7b647f0939f4cd54bdc729b_JaffaCakes118
Size

46KB
MD5

271e09bdd7b647f0939f4cd54bdc729b
SHA1

f5e301c48697713ef4ca48fa6b235ff707e2c014
SHA256

b13a50604a7b7d5a2aafb3321852662c7352c75e4f795757e70ce45ab75c12f7
SHA512

1ecba623a941a8361a4ddb63e7475b9e5a7ada77bca7d2cfca568eef4a5b927f5a4bb2870e5a2afdcd550bce1bfefe54bbd769149ae705c8c94532acd2b06a83
SSDEEP

768:sMZ7vJNs3AS+G3niSALXUHSzIRDfODftR3lNJJKvAbD/Nu07qFB18Nl:sQLJzS1yIrOdPJAAVu2skl

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
271e09bdd7b647f0939f4cd54bdc729b_JaffaCakes118

Files

271e09bdd7b647f0939f4cd54bdc729b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2940bd62c77b95981ae53c3b4bd911da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetTickCount
GetTempPathA
Sleep
GetCurrentThreadId
ExitProcess
GetProcAddress
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
LockResource
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

PeekMessageA
PostThreadMessageA
wsprintfA
MessageBoxA

Sections

.text
Size: - Virtual size: 663B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ