aaa7e84361f8141ac9299f4951310d50_JaffaCakes118

General

Target

aaa7e84361f8141ac9299f4951310d50_JaffaCakes118
Size

141KB
MD5

aaa7e84361f8141ac9299f4951310d50
SHA1

d88c65bde248d32e161a94c7496d6f67430d4050
SHA256

b29fa16b288ea04ef6168d798213b90e72fe60c98d426e035778d7d205167102
SHA512

2b7e177f273d7f4177f4c260d05fb2242d447209a0466b1843e81d5e4567862f36f09f5ba297200bac3bfa1205ff893abac8c06f7e46427048a2c21a2ecb121f
SSDEEP

1536:h4fzVrbJQrwMw3OtV2mL7tHZVGgDG6YiSTYiVyW1boCFHjAhz51OoLvm9qBUFz4i:h4rZJlMfamPtHTGFtaWIuRqemrT

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaa7e84361f8141ac9299f4951310d50_JaffaCakes118

Files

aaa7e84361f8141ac9299f4951310d50_JaffaCakes118
.sys windows:5 windows x86 arch:x86

635a682624b37d893ac2a628f1a345d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateKey
ZwReadFile
ExGetPreviousMode
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryDirectoryFile
ZwDeleteFile
ZwQueryInformationProcess
ZwCreateSection
ZwOpenFile
ZwQueryInformationFile
ZwOpenKey
ExFreePoolWithTag
_wcsnicmp
ExAllocatePoolWithTag
KeDetachProcess
ObQueryNameString
ZwQueryValueKey
IoGetCurrentProcess
ObReferenceObjectByHandle
KeAttachProcess
ZwOpenProcess
KeServiceDescriptorTable
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
ZwSetValueKey
ZwWriteFile
ZwClose
IoCreateFile
RtlInitUnicodeString
_except_handler3

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 874B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

635a682624b37d893ac2a628f1a345d5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 112KB - Virtual size: 112KB

INIT Size: 1024B - Virtual size: 912B

.vmp0 Size: 1024B - Virtual size: 874B

.vmp1 Size: 17KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 408B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 112KB - Virtual size: 112KB

INIT
Size: 1024B - Virtual size: 912B

.vmp0
Size: 1024B - Virtual size: 874B

.vmp1
Size: 17KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 408B