5732e02c7e2491335cb9aa4858e9fb0f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5732e02c7e2491335cb9aa4858e9fb0f_JaffaCakes118
Size

904KB
MD5

5732e02c7e2491335cb9aa4858e9fb0f
SHA1

a509bd0eae0f5f1b5599307740a14430aa00e3fd
SHA256

809d6ec836094e2081ade5f4926bb62c707cf4ff00cf85c9b282fe29d2aa5b98
SHA512

45fc65dd5469ee96b3ed4c4a1f5032d95204c0aaa0609adc0bd9273409b46a273bf61da253f834bf94ffe39205ea0309b684433ae495e4f9888cbf7bd0a4ece1
SSDEEP

24576:wICZWJpwPnaQSyJSntfHFy6hb1IMsLyRXVqR:wICW30a5yYNHo611IMsL9R

Score

7^/10

vmprotect themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5732e02c7e2491335cb9aa4858e9fb0f_JaffaCakes118

Files

5732e02c7e2491335cb9aa4858e9fb0f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CAuth@@QAE@ABV0@@Z
??0CAuth@@QAE@XZ
??1CAuth@@QAE@XZ
??4CAuth@@QAEAAV0@ABV0@@Z
?AddServer@CAuth@@QAE_NVCString@@@Z
?Decrypt1@CAuth@@AAE?AVCString@@V2@@Z
?DisableServer@CAuth@@AAEXXZ
?DllLogin@CAuth@@QAE_NXZ
?Encrypt1@CAuth@@AAE?AVCString@@V2@@Z
?Encrypt2@CAuth@@AAE?AVCString@@V2@@Z
?ExeLogin@CAuth@@QAE_NXZ
?GetRandKey@CAuth@@AAE?AVCString@@H@Z
?GetServer@CAuth@@AAE_NXZ
?ModifyPass@CAuth@@QAE_NXZ
?Pay@CAuth@@QAE_NXZ
?Reg@CAuth@@QAE_NXZ
?TestServer@CAuth@@QAE_NXZ
InstallHook
UninstallHook

Sections

Size: 48KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 528KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE