37e0a0726e13f4e92f5c57910aa89b3b_JaffaCakes118

General

Target

37e0a0726e13f4e92f5c57910aa89b3b_JaffaCakes118
Size

56KB
MD5

37e0a0726e13f4e92f5c57910aa89b3b
SHA1

d23d3ac40a1911e33ce9eab094970000f884115e
SHA256

6f2d07e9ef8faa56546d0fa2975d39470f5e96757288b5f1c9c7a83682297ff4
SHA512

58f4ce989fda71cde197eec550d4e60f1e8a554f5d20c3f2e9dad1d57d24d0563fe99ddde31028ac1c0662713584cca554cf4110a5e200f6ab784df5d29181a5
SSDEEP

1536:Moq9Mdmw0zs2K6CYgqsUCUcOqcmdP3Xpc:MGmzgqcpPJc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37e0a0726e13f4e92f5c57910aa89b3b_JaffaCakes118

Files

37e0a0726e13f4e92f5c57910aa89b3b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d86d89738c9bf2d73d51bd3c13a060d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwReadFile
ExGetPreviousMode
RtlUnicodeStringToAnsiString
ZwSetValueKey
ZwSaveKey
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
ZwQueryDirectoryFile
ZwDeleteFile
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwDeleteKey
DbgPrint
ZwEnumerateKey
ExFreePoolWithTag
ZwWriteFile
wcslen
KeDetachProcess
IoGetCurrentProcess
MmMapViewOfSection
ObReferenceObjectByHandle
KeAttachProcess
ZwOpenProcess
KeServiceDescriptorTable
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
MmSectionObjectType
ZwOpenKey
MmUnmapViewOfSection
ObQueryNameString
RtlCompareUnicodeString
ZwClose
IoCreateFile
_wcsnicmp
RtlInitUnicodeString
_except_handler3

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 750B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d86d89738c9bf2d73d51bd3c13a060d3

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 22KB - Virtual size: 21KB

INIT Size: 1KB - Virtual size: 1KB

.vmp0 Size: 1024B - Virtual size: 750B

.vmp1 Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 448B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 22KB - Virtual size: 21KB

INIT
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 1024B - Virtual size: 750B

.vmp1
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 448B