3c2a29370c7978259826d522d09077b8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c2a29370c7978259826d522d09077b8_JaffaCakes118
Size

151KB
MD5

3c2a29370c7978259826d522d09077b8
SHA1

0b9a25254363646a694df45f7ca507d193c6f3fc
SHA256

b1860ee45af066f091254483f6bd9ff6c80c32f8459226c48ffae39ccce17761
SHA512

7e563f5b9e8afeaf591ed28d37390b8ecbe0a0508563f0aef5f0bd33ac95a72e2897b98ff545dafbcf0ada638fea9707532fae5dbd76467b8e1dd199ae93fd13
SSDEEP

3072:PAJZcA0Ax4Lb7QAdZA51O7rtPnZBUB+Qdyaw3MyZKR0mKTT0i12vN2edc:PaZZ0kJADA51O7rV7UB+QkaOFmKTTX1n

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c2a29370c7978259826d522d09077b8_JaffaCakes118

Files

3c2a29370c7978259826d522d09077b8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

779741d7b9928dd5b9e60f2f22d1982a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

gdi32

SelectObject

advapi32

CloseServiceHandle

Exports

Exports

LoadUnhookDriver
UnloadUnhookDriver

Sections

.text
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ