44d567f5583a19add755ffdb37f933a0_JaffaCakes118

General

Target

44d567f5583a19add755ffdb37f933a0_JaffaCakes118
Size

123KB
MD5

44d567f5583a19add755ffdb37f933a0
SHA1

6c08e28e06b40e9bddbfd97f07feda3965e6d106
SHA256

b1b9fcc79b27e3d7c9b5ab6f221a5724a8e8204f39a857299ff5a2345f4fffa0
SHA512

c2a0c167664a5516a407307fdba5e8ed21478328b5d1e54999170499c1909ac47e1877167a6d2caf4f835ebcbf943ffcb0ffea0ef3becf3ad4d85ba3a7860ff3
SSDEEP

3072:0vE+4H3yS2oVbQhFfanqGYi1ayl9XO4yQqaLTNus:0vA936xGYkl9XcQbngs

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44d567f5583a19add755ffdb37f933a0_JaffaCakes118

Files

44d567f5583a19add755ffdb37f933a0_JaffaCakes118
.sys windows:5 windows x86 arch:x86

635a682624b37d893ac2a628f1a345d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateKey
ZwReadFile
ExGetPreviousMode
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryDirectoryFile
ZwDeleteFile
ZwQueryInformationProcess
ZwCreateSection
ZwOpenFile
ZwQueryInformationFile
ZwOpenKey
ExFreePoolWithTag
_wcsnicmp
ExAllocatePoolWithTag
KeDetachProcess
ObQueryNameString
ZwQueryValueKey
IoGetCurrentProcess
ObReferenceObjectByHandle
KeAttachProcess
ZwOpenProcess
KeServiceDescriptorTable
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
ZwSetValueKey
ZwWriteFile
ZwClose
IoCreateFile
RtlInitUnicodeString
_except_handler3

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

635a682624b37d893ac2a628f1a345d5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 89KB - Virtual size: 88KB

INIT Size: 1024B - Virtual size: 912B

.vmp0 Size: 1024B - Virtual size: 812B

.vmp1 Size: 23KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 484B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 89KB - Virtual size: 88KB

INIT
Size: 1024B - Virtual size: 912B

.vmp0
Size: 1024B - Virtual size: 812B

.vmp1
Size: 23KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 484B