a122b7850949e363ccfe8d0f055dba77_JaffaCakes118

General

Target

a122b7850949e363ccfe8d0f055dba77_JaffaCakes118
Size

141KB
MD5

a122b7850949e363ccfe8d0f055dba77
SHA1

3a928e2389e0ed083c2dc2b81917a7b221983e1f
SHA256

e06f51ef021912b122434dbb04990d461e3d66ce56da9d964ff2ba7c6b91130b
SHA512

73e1d8f8973e9e565bcb1cb6a24e943d06e400b1838bc45a875ec4e9c9623c7a8c713bff24766876963f9962582741369e6a7bc0275cf82a7d56fc65e9f96046
SSDEEP

1536:l4fzVrbJQrwMw3OtV2mL7tHZVGgDG6YiSTYiVyW1boCFHjAhz51OoLvm9qBUFz4p:l4rZJlMfamPtHTGFtaWIuRqemaT

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a122b7850949e363ccfe8d0f055dba77_JaffaCakes118

Files

a122b7850949e363ccfe8d0f055dba77_JaffaCakes118
.sys windows:5 windows x86 arch:x86

635a682624b37d893ac2a628f1a345d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateKey
ZwReadFile
ExGetPreviousMode
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryDirectoryFile
ZwDeleteFile
ZwQueryInformationProcess
ZwCreateSection
ZwOpenFile
ZwQueryInformationFile
ZwOpenKey
ExFreePoolWithTag
_wcsnicmp
ExAllocatePoolWithTag
KeDetachProcess
ObQueryNameString
ZwQueryValueKey
IoGetCurrentProcess
ObReferenceObjectByHandle
KeAttachProcess
ZwOpenProcess
KeServiceDescriptorTable
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
ZwSetValueKey
ZwWriteFile
ZwClose
IoCreateFile
RtlInitUnicodeString
_except_handler3

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 874B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

635a682624b37d893ac2a628f1a345d5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 112KB - Virtual size: 112KB

INIT Size: 1024B - Virtual size: 912B

.vmp0 Size: 1024B - Virtual size: 874B

.vmp1 Size: 17KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 408B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 112KB - Virtual size: 112KB

INIT
Size: 1024B - Virtual size: 912B

.vmp0
Size: 1024B - Virtual size: 874B

.vmp1
Size: 17KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 408B