2eb48bc01d5eb791bcafd04e988afb93_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2eb48bc01d5eb791bcafd04e988afb93_JaffaCakes118
Size

87KB
MD5

2eb48bc01d5eb791bcafd04e988afb93
SHA1

da71caff634ad0bdd8e4acf0ec6777386b664051
SHA256

951509005362735751a1dd939fd21674072dcd3447d9f9fcb98f4780a490978c
SHA512

d326327a146f09b4c934450b17cedcccbe9ac0bbc9723650449c1310507a37151a484bef611d96a15f1d2c2e0cd0f34669b5809a561c59380a1167baea04d28f
SSDEEP

1536:Q327A0BIwxvnUnZPY8dOeiwIpH5fOIKrCnQe5pZlNSQZwbUj4sCeZ4O:97AzUUJt5i3HxxnP7Sqks

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2eb48bc01d5eb791bcafd04e988afb93_JaffaCakes118

Files

2eb48bc01d5eb791bcafd04e988afb93_JaffaCakes118
.dll windows:5 windows x86 arch:x86

905cbf314eef9554e2bdf5c1d4671591

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ScreenToClient

d3dx9_43

D3DXCreateLine

msvcr100

_malloc_crt

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ