198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118 | Triage

Sharing

General

Target

198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118
Size

1.9MB
MD5

198ed15d20f0d64bd9a7383e8508eaa4
SHA1

6685819491b5b99b28a79a79482d1e6899294cb6
SHA256

021d5f7d81f8cfde810dca7d8fca6befb451305a32a114c840306b2da407d12f
SHA512

c8c0e39a8c733bc333a6a8b38e3483256217708fdd1987d04aef8fbff74f60aea8c56eb7ab9c4067ceea19a11eb8dfbcd9156a9124366ca0944d250649477d1c
SSDEEP

49152:lo8SFasq25kDnChAsm7cdpmAgMdUldZBRlKVPgdQDG8:lovssq2SCusTzBST4tqsd

Score

7^/10

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118

Files

198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bac874d5d54424415b69792cfbe64a51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaRecDestructAnsi

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE