8c9c8dad9ec913deca96cb8103181c27_JaffaCakes118

General

Target

8c9c8dad9ec913deca96cb8103181c27_JaffaCakes118
Size

8KB
MD5

8c9c8dad9ec913deca96cb8103181c27
SHA1

329de0f571135ed42071badd6be588495f292845
SHA256

489120e1fbe7efc7584710fc56084162418110e406d820ac1b053a23c50ab920
SHA512

cf7a0b166f09350691583a8b64e8d7c42c03c7ee061da6b43ddf7efb2aa3caf518f1964149b6f7e05a15dd9aa74d4a8110890173a48bd2d8fb146b97f8f68dda
SSDEEP

192:6McoQo1FLkdFV6CQJFD/hTPopaSr/zAenOJrPPlnr:vcxKLkdzHQ7JLWaSr/0enGHlr

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c9c8dad9ec913deca96cb8103181c27_JaffaCakes118

Files

8c9c8dad9ec913deca96cb8103181c27_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3325a1a4fcabd2c615283d9ae29fc5b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\免费版本\暗组免费专版\PcHide\objfre\i386\vbnxqwwer.pdb

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 526B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 256B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3325a1a4fcabd2c615283d9ae29fc5b0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 640B - Virtual size: 560B

INIT Size: 640B - Virtual size: 526B

.rsrc Size: 128B - Virtual size: 16B

.vmp0 Size: 256B - Virtual size: 214B

.vmp1 Size: 2KB - Virtual size: 2KB

.reloc Size: 768B - Virtual size: 700B

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 640B - Virtual size: 560B

INIT
Size: 640B - Virtual size: 526B

.rsrc
Size: 128B - Virtual size: 16B

.vmp0
Size: 256B - Virtual size: 214B

.vmp1
Size: 2KB - Virtual size: 2KB

.reloc
Size: 768B - Virtual size: 700B