3f560a81a4ac8711d4fc52da425a3dcf_JaffaCakes118

General

Target

3f560a81a4ac8711d4fc52da425a3dcf_JaffaCakes118
Size

17KB
MD5

3f560a81a4ac8711d4fc52da425a3dcf
SHA1

e20a4a82c3857b7c0cf175c0f8a1e2940f09a3fe
SHA256

06f508bb9098c8ed190604c01b99597278c7e4e149eddb1ec9d603f2c5c9f080
SHA512

cc72eb0bbaf333a7bb7ba66b7cf26b2e058d5a8003b1b8a2951d36273b112a1270c3ccc92eb9accf7096c5e975211f02455be820e7e068a48f1738e6d85ca6c6
SSDEEP

384:5ROJSME9ipI1h9hEUDEuK3NpY8P91GXMTZUo:50JSMEsO1vhVDW3NprfGXM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f560a81a4ac8711d4fc52da425a3dcf_JaffaCakes118

Files

3f560a81a4ac8711d4fc52da425a3dcf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2db6517a44ce6ff89db65130e9ff8d3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
__CxxFrameHandler
_onexit
??2@YAPAXI@Z

kernel32

UnmapViewOfFile
LocalAlloc
CloseHandle
WriteFile
SetEndOfFile
CreateFileA
GetProcAddress
LoadLibraryA
CreateProcessA
GetTempFileNameA
GetTempPathA
CreateThread
MapViewOfFile
CreateFileMappingA
GetFileSize
Sleep
FreeLibrary
GetModuleHandleA
LocalFree

mfc42

ord1176
ord269
ord826
ord600
ord1578
ord6467
ord1243

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2db6517a44ce6ff89db65130e9ff8d3f

Headers

File Characteristics

Imports

msvcrt

kernel32

mfc42

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 4B

.vmp0 Size: 512B - Virtual size: 328B

.vmp1 Size: 10KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 272B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 4B

.vmp0
Size: 512B - Virtual size: 328B

.vmp1
Size: 10KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 272B