2bdfdee5fb9d3d2f5a7b0eb75eb24cb7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bdfdee5fb9d3d2f5a7b0eb75eb24cb7_JaffaCakes118
Size

164KB
MD5

2bdfdee5fb9d3d2f5a7b0eb75eb24cb7
SHA1

07cfe7de3108fd1cd4ea0329a70aeb31de8facbc
SHA256

7aa4889806855669f633e9a847f81dc504be894d9dce7970cad251ad4e3db7e2
SHA512

ab1ff1f6619d8b584d77d61aafd9576ae0abf18f2672ea70fd6dc20734505d11317f895250d2e04fc470e0b848562413f5b877f306f26888b4661b4adeddfa9a
SSDEEP

3072:QbSNm4vpgL35xibuU59DBo0F5v1iQNhPQKimkbb7rGG:HNm4xu3iJ9DuO5wGRQKU7rGG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bdfdee5fb9d3d2f5a7b0eb75eb24cb7_JaffaCakes118

Files

2bdfdee5fb9d3d2f5a7b0eb75eb24cb7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53fb4b92fcb80e1eb1fa93ee48ea5653

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord595
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord645
ord100

kernel32

VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ