392906694d05e3a4fa75e2abe7daa98e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

392906694d05e3a4fa75e2abe7daa98e_JaffaCakes118
Size

257KB
MD5

392906694d05e3a4fa75e2abe7daa98e
SHA1

34066afe3f68ae39793e01d93d050b906be439c2
SHA256

e7cf6e925c273f2c378df41d8c2005a2fd29ff39b55ee9c84963fb8695487ef0
SHA512

043ff225ac399d969f899670d349a5ba119aabb187a320dabad1cb2b223947c73d95cda84078849fe7968731507754b22bdbd37da24c29b59b256a6e138ee3ee
SSDEEP

6144:AH9prIaHpy0FBf5Tvi2YeXDOETA361RBryqDl0/ZVx5rHp14Nw:AdprIaHYkBBDDYgpIqD0ZlFX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
392906694d05e3a4fa75e2abe7daa98e_JaffaCakes118

Files

392906694d05e3a4fa75e2abe7daa98e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5b246a71f3d14ae77ac73570bd4da351

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetThreadContext
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType

advapi32

RegCloseKey

oleaut32

SysReAllocStringLen

wsock32

ntohs

ntdll

NtQueryObject

Sections

CODE
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b246a71f3d14ae77ac73570bd4da351

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

wsock32

ntdll

Sections

CODE Size: - Virtual size: 77KB

DATA Size: - Virtual size: 3KB

BSS Size: - Virtual size: 6KB

.idata Size: - Virtual size: 2KB

.vmp0 Size: - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 128B

.vmp1 Size: - Virtual size: 177KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 254KB - Virtual size: 254KB

.reloc Size: 512B - Virtual size: 176B

CODE
Size: - Virtual size: 77KB

DATA
Size: - Virtual size: 3KB

BSS
Size: - Virtual size: 6KB

.idata
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 128B

.vmp1
Size: - Virtual size: 177KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 254KB - Virtual size: 254KB

.reloc
Size: 512B - Virtual size: 176B