10c34700b7743c1c1b6d4d07a78915fe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10c34700b7743c1c1b6d4d07a78915fe_JaffaCakes118
Size

3.7MB
MD5

10c34700b7743c1c1b6d4d07a78915fe
SHA1

00573d3759a1dd6c255c1f223844a7c7b02a75ce
SHA256

20adea4dcae5d45865ab62ef0695f5a6656a533ab6a79482757694718f6d1d53
SHA512

ff0703105e76c6b3c364cffa82eab2121c3c158bf456eae2a7319bace2e451fcd0981d1cb46c6e599ac97dff557d3a7c7faf73555ea9054d2c51e036fb7e69eb
SSDEEP

98304:+cfjmFgcvRY2NS/5E4eX+bsnIcOUbYrF2XSbw+Zo+3PVdCA7d2PD:hiPRjy5le5nIcORC+J98A70PD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10c34700b7743c1c1b6d4d07a78915fe_JaffaCakes118

Files

10c34700b7743c1c1b6d4d07a78915fe_JaffaCakes118
.sys windows:6 windows x86 arch:x86

37dc8b7aced39f74307a82eeb2a9a406

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObOpenObjectByPointer
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeGetCurrentIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ