aaf7d5059474d579e56e70f4cfa83d4d_JaffaCakes118

General

Target

aaf7d5059474d579e56e70f4cfa83d4d_JaffaCakes118
Size

57KB
MD5

aaf7d5059474d579e56e70f4cfa83d4d
SHA1

19647837336a42150abbf2c68d95e47b77e20e00
SHA256

eebcb32317563b83715dd66e82481f1629ddbd32f1873f46cebfdc43a252b528
SHA512

17a314eea24fb4824f192b51c0683490dde9f3430d37020330ad0e24e1d2b3b318a21fd3099ba3e61a46a2fe9eb53f3207225fce911a58913130760eecd3b946
SSDEEP

1536:3yg4KMbrWAd1OyR3RHsr3I9ERgTZak9m:3yNRHWAblHsDI9E2T8Sm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaf7d5059474d579e56e70f4cfa83d4d_JaffaCakes118

Files

aaf7d5059474d579e56e70f4cfa83d4d_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e9c25c5285b1ba0e1cbc978b1cd9e373

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
strlen
wcslen
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
ZwQueryDirectoryFile
IoGetCurrentProcess
KeServiceDescriptorTable
ZwEnumerateKey
ExAllocatePoolWithTag
ExFreePoolWithTag
_wcsnicmp
ExGetPreviousMode
ZwWriteFile
ObReferenceObjectByHandle
ZwOpenProcess
ZwQueryInformationProcess
PsGetCurrentProcessId
ObfDereferenceObject
ZwReadFile
ObQueryNameString
RtlCompareUnicodeString
ZwClose
IoCreateFile
RtlInitUnicodeString
_except_handler3

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9c25c5285b1ba0e1cbc978b1cd9e373

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 28KB - Virtual size: 28KB

INIT Size: 1024B - Virtual size: 808B

.vmp0 Size: 512B - Virtual size: 456B

.vmp1 Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 28KB - Virtual size: 28KB

INIT
Size: 1024B - Virtual size: 808B

.vmp0
Size: 512B - Virtual size: 456B

.vmp1
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 224B