5bf1ecf1e15404efa5c0877c1e757c65_JaffaCakes118

General

Target

5bf1ecf1e15404efa5c0877c1e757c65_JaffaCakes118
Size

123KB
MD5

5bf1ecf1e15404efa5c0877c1e757c65
SHA1

7cb9ce9c4110adef83ec13cb4eedd80545486d8f
SHA256

30caf24f9be7972f87e2eeecce2edbccc184346bdb88c8b607c8bce2412dd8fe
SHA512

7a28d73fe13e0ad9d83639b6c8052523e4df6968bce2406d30a0ccc2d56f20b436df05f1ac2aa75743650fc50a1e58536dddd1a0bfaed28a3fa1bd7c388ce885
SSDEEP

3072:hvE+4H3yS2oVbQhFfanqGYi1ayl9XO4yQqawTNus:hvA936xGYkl9XcQb6gs

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bf1ecf1e15404efa5c0877c1e757c65_JaffaCakes118

Files

5bf1ecf1e15404efa5c0877c1e757c65_JaffaCakes118
.sys windows:5 windows x86 arch:x86

635a682624b37d893ac2a628f1a345d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateKey
ZwReadFile
ExGetPreviousMode
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryDirectoryFile
ZwDeleteFile
ZwQueryInformationProcess
ZwCreateSection
ZwOpenFile
ZwQueryInformationFile
ZwOpenKey
ExFreePoolWithTag
_wcsnicmp
ExAllocatePoolWithTag
KeDetachProcess
ObQueryNameString
ZwQueryValueKey
IoGetCurrentProcess
ObReferenceObjectByHandle
KeAttachProcess
ZwOpenProcess
KeServiceDescriptorTable
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
ZwSetValueKey
ZwWriteFile
ZwClose
IoCreateFile
RtlInitUnicodeString
_except_handler3

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

635a682624b37d893ac2a628f1a345d5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 89KB - Virtual size: 88KB

INIT Size: 1024B - Virtual size: 912B

.vmp0 Size: 1024B - Virtual size: 812B

.vmp1 Size: 23KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 484B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 89KB - Virtual size: 88KB

INIT
Size: 1024B - Virtual size: 912B

.vmp0
Size: 1024B - Virtual size: 812B

.vmp1
Size: 23KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 484B