JaffaCakes118_42d8a025f1893086585c7149dd046da1 | Triage

Sharing

General

Target

JaffaCakes118_42d8a025f1893086585c7149dd046da1
Size

81KB
MD5

42d8a025f1893086585c7149dd046da1
SHA1

918dcfc5b8d1b264e73a99fec96cd40eb235e3bd
SHA256

a29486b2fa4a8d191f1781fd96e763780849f1662c7f7bfd0132908247f4d3d5
SHA512

30657f398d531808c93af2685d2730f8a8278dfdea613c5134e841cc22e4dd703689649aacace08c3883ce05f5b70e8ba2483374baabb060ba9ac110930cb20c
SSDEEP

1536:ziImDfFv7yMzWMGS1+x/E+3VX4utoW9YksvPH8ymQkNkfkxp:ziIUvHhGSc6+vSP8yGNkW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_42d8a025f1893086585c7149dd046da1

Files

JaffaCakes118_42d8a025f1893086585c7149dd046da1
.exe windows:4 windows x86 arch:x86

82a4b1a9dda2fff9e5023db8d46c2614

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
LoadLibraryA
VirtualProtect
GetModuleFileNameA

user32

LoadIconA
MessageBoxA

gdi32

GetStockObject

advapi32

StartServiceA

msvcrt

sprintf

Sections

.nsp0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp1
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.nsp1
.reloc
.vmp0
.vmp1