2a5ce3424dd94047d4de1656d8682bfb_JaffaCakes118

General

Target

2a5ce3424dd94047d4de1656d8682bfb_JaffaCakes118
Size

56KB
MD5

2a5ce3424dd94047d4de1656d8682bfb
SHA1

26f6ee6fd8a90bd65d9521d9d05a8f8d9a8d279a
SHA256

dd41c8d3c0d00f55c200f5e27d8c5f96d34ee29ee15aa61778dee381a067360e
SHA512

591f72b30e406e107d5f59259c7d61fce0dc11d1ab638dc7965782719ac24fd5a29b833589e8deb912d2c6e8b573afebc5e0fd1bde3721ef780c80b6ce3ec71b
SSDEEP

1536:Moq9Mdmw0zs2K6CYgqsUCUOOqcmdP3Xpc:MGmzgqOpPJc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a5ce3424dd94047d4de1656d8682bfb_JaffaCakes118

Files

2a5ce3424dd94047d4de1656d8682bfb_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d86d89738c9bf2d73d51bd3c13a060d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwReadFile
ExGetPreviousMode
RtlUnicodeStringToAnsiString
ZwSetValueKey
ZwSaveKey
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
ZwQueryDirectoryFile
ZwDeleteFile
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwDeleteKey
DbgPrint
ZwEnumerateKey
ExFreePoolWithTag
ZwWriteFile
wcslen
KeDetachProcess
IoGetCurrentProcess
MmMapViewOfSection
ObReferenceObjectByHandle
KeAttachProcess
ZwOpenProcess
KeServiceDescriptorTable
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
MmSectionObjectType
ZwOpenKey
MmUnmapViewOfSection
ObQueryNameString
RtlCompareUnicodeString
ZwClose
IoCreateFile
_wcsnicmp
RtlInitUnicodeString
_except_handler3

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 750B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d86d89738c9bf2d73d51bd3c13a060d3

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 22KB - Virtual size: 21KB

INIT Size: 1KB - Virtual size: 1KB

.vmp0 Size: 1024B - Virtual size: 750B

.vmp1 Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 448B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 22KB - Virtual size: 21KB

INIT
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 1024B - Virtual size: 750B

.vmp1
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 448B