4652ec11923ca42fca3c65082781f1ec_JaffaCakes118 | Triage

Sharing

General

Target

4652ec11923ca42fca3c65082781f1ec_JaffaCakes118
Size

160KB
MD5

4652ec11923ca42fca3c65082781f1ec
SHA1

bd5fb5e0b204eacfa67606c7aea6ba5fef18a466
SHA256

e9129247355c33bd2bcab38f6da014864b4137bf06ea938608364977ea5701d1
SHA512

46ad443af2dc144a33fe9dc39495cc9cd3aa7288c3b27ae349d6a4a32a8cb62ccb187e131b2e3d873b5d15ef050c611e93d782a0f8fb094165d863a5dc8f1817
SSDEEP

3072:CUprN62duo7eb18up2buwDAuQieWXuXIZsOPhd5nGTHta:tyR8S2P9tecdsOPhgH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4652ec11923ca42fca3c65082781f1ec_JaffaCakes118

Files

4652ec11923ca42fca3c65082781f1ec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3fe24be7a7959f35d04148509fc7ffe6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowRect

advapi32

RegCloseKey

Sections

.text
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ