ea4510bb48a3c7b3351c958b1821ffc3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea4510bb48a3c7b3351c958b1821ffc3_JaffaCakes118
Size

3.5MB
MD5

ea4510bb48a3c7b3351c958b1821ffc3
SHA1

639355e9bbab3725a23d93ac6cb639e4545089de
SHA256

0ce60e0b2b2ba26558bac178030d061a7f328979936c497a659d447936dbdaed
SHA512

ac3fdf19ada5f94e91629e2adadd5241f2538266d8e997166468bbf6fced19fc5922e35fdbc05cd68e84187db9e32148a7bdeb19c59aa7280e436668d4465732
SSDEEP

49152:9hG84Nq9+2sX4tLRE+7NaExfshEg4yoyUE4z9b/4RGZfXwLqNksTV46uVYjb2FEZ:9hGTNqwjX4teefs9/oGk9bAuffu6F3Tl

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

ea4510bb48a3c7b3351c958b1821ffc3_JaffaCakes118
.sys windows:10 windows x64 arch:x64

8d1933e7cf082b74588ac889e8e6473d

Code Sign

86:b5:ab:0a:87:36:4a:10:44:e4:50:98:3a:21:e1:87
Certificate

Issuer

CN=TrustOcean Organization Software Vendor CA,O=TrustOcean Limited,C=US

Not Before

06/10/2020, 00:00

Not After

06/10/2021, 23:59

Subject

CN=海南训英商贸有限公司,O=海南训英商贸有限公司,POSTALCODE=571999,STREET=金江镇兴吉巷37号,L=澄迈县,ST=Hainan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:77:ba:de:f6:83:54:84:b8:ce:b0:dd:2b:58:f4:08
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

29/01/2020, 00:00

Not After

28/01/2030, 23:59

Subject

CN=TrustOcean Organization Software Vendor CA,O=TrustOcean Limited,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:16:20:58:1b:17:eb:5a:1e:df:a2:d6:75:61:cd:d9:57:7f:8d:61:b0:b3:1b:a4:ee:0f:13:78:79:55:56:2c
Signer

Actual PE Digest

ca:16:20:58:1b:17:eb:5a:1e:df:a2:d6:75:61:cd:d9:57:7f:8d:61:b0:b3:1b:a4:ee:0f:13:78:79:55:56:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
_stricmp
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

wdfldr.sys

WdfVersionUnbind

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1933e7cf082b74588ac889e8e6473d

Code Sign

86:b5:ab:0a:87:36:4a:10:44:e4:50:98:3a:21:e1:87Certificate

Extended Key Usages

Key Usages

79:77:ba:de:f6:83:54:84:b8:ce:b0:dd:2b:58:f4:08Certificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ca:16:20:58:1b:17:eb:5a:1e:df:a2:d6:75:61:cd:d9:57:7f:8d:61:b0:b3:1b:a4:ee:0f:13:78:79:55:56:2cSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

hal

Sections

.text Size: - Virtual size: 20KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 1KB

.pdata Size: - Virtual size: 1KB

INIT Size: - Virtual size: 2KB

.vmp0 Size: - Virtual size: 2.3MB

.vmp1 Size: 512B - Virtual size: 8B

.vmp2 Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 512B - Virtual size: 160B

86:b5:ab:0a:87:36:4a:10:44:e4:50:98:3a:21:e1:87
Certificate

79:77:ba:de:f6:83:54:84:b8:ce:b0:dd:2b:58:f4:08
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ca:16:20:58:1b:17:eb:5a:1e:df:a2:d6:75:61:cd:d9:57:7f:8d:61:b0:b3:1b:a4:ee:0f:13:78:79:55:56:2c
Signer

.text
Size: - Virtual size: 20KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 1KB

.pdata
Size: - Virtual size: 1KB

INIT
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 2.3MB

.vmp1
Size: 512B - Virtual size: 8B

.vmp2
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 512B - Virtual size: 160B