abe30af73dc9139bb15f416eeb77d2a1_JaffaCakes118

General

Target

abe30af73dc9139bb15f416eeb77d2a1_JaffaCakes118
Size

27KB
MD5

abe30af73dc9139bb15f416eeb77d2a1
SHA1

936ee8ab6e50c927720b8da17cc899471ba54b58
SHA256

79dba6c641b4be28a7888f625e1c1faa849893c682256a8406026d22e9b2c8d3
SHA512

0a3b0149704e7f2c479787c4e09fcc2ce53afe3e64952c3ed86780987053d69e96be436c056ccbf878271c3ea4f6a9213ff47d815fc03d80bd7f5a5860f37693
SSDEEP

384:V63DJiOho0f+FFUnI2cg+wBsFFjpTqvhOEnPQPVNolN:V6dR7+FancgZBsFrqYEnPG3ol

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abe30af73dc9139bb15f416eeb77d2a1_JaffaCakes118

Files

abe30af73dc9139bb15f416eeb77d2a1_JaffaCakes118
.sys windows:6 windows x64 arch:x64

fc99206e074680844a6a882ce652c20a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
RtlInitUnicodeString
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
IoDriverObjectType
IofCompleteRequest
RtlCompareMemory
ObfDereferenceObject
ObReferenceObjectByName
KeAcquireSpinLockAtDpcLevel
IoGetDeviceProperty
KeAcquireSpinLockRaiseToDpc
KeBugCheckEx
DbgPrint
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalMakeBeep

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc99206e074680844a6a882ce652c20a

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 320B

.data Size: 512B - Virtual size: 560B

.pdata Size: 512B - Virtual size: 84B

INIT Size: 1024B - Virtual size: 954B

.vmp0 Size: 4KB - Virtual size: 3KB

.vmp1 Size: 16KB - Virtual size: 16KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 320B

.data
Size: 512B - Virtual size: 560B

.pdata
Size: 512B - Virtual size: 84B

INIT
Size: 1024B - Virtual size: 954B

.vmp0
Size: 4KB - Virtual size: 3KB

.vmp1
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1KB - Virtual size: 1KB