0cb3878b92c4eb27464527d997422864_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cb3878b92c4eb27464527d997422864_JaffaCakes118
Size

71KB
MD5

0cb3878b92c4eb27464527d997422864
SHA1

6c9ceb42d6881cea186c5f02eb0d48b91b053528
SHA256

82149e60d3c779651afbd56249c4287485cf0475181b831607cbe5730bb0ce94
SHA512

0dd20195c1bb017f6bda5c8b43adf948355a1dc47785073bf7513c34d66c05f0759bea1570b29b188a8a161f978bb6ba3413035632b8d068c298e658da9f2a97
SSDEEP

1536:n+X9JNOIM040evv1XiqVnEZX1Da0gA+A0yp3apZuOZ31v1:nS9JNOIMR7XBNVEZXl/0yVugY3V1

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cb3878b92c4eb27464527d997422864_JaffaCakes118

Files

0cb3878b92c4eb27464527d997422864_JaffaCakes118
.sys windows:6 windows x86 arch:x86

ce818f9cf9d0400124e9b4f10aa6f569

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetVersion
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeGetCurrentIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 362B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ