af9975410ac3438a51d748584a407240_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

af9975410ac3438a51d748584a407240_JaffaCakes118
Size

12KB
MD5

af9975410ac3438a51d748584a407240
SHA1

7735d697574e1376ddd761ea1f3c346a83265f0a
SHA256

b43caaa8ca4a2964f7731387611f7bde44f2add6525742465a70c3841c998ba5
SHA512

3ade987ae665807b3ec450f0be8effedbf614d30a084d9a65b5f3a9ecb36fb2060557ac80a668397afa3b3139aa6af9daadb693e1c8a0df21ca98c07bc890933
SSDEEP

192:9J3SEqNPLFyyGFuZM1J6nigftbAUx7+2BHfIUr/iksGDQzuaP4iVOI:TOPLFyyGsE4DyUFj/IUjiksG0CagiVO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af9975410ac3438a51d748584a407240_JaffaCakes118

Files

af9975410ac3438a51d748584a407240_JaffaCakes118
.sys windows:5 windows x86 arch:x86

35407e0e349350b41fd78df1287a6b89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Soft\Smr\会员版\PcHide\objfre\i386\vbnxqwwer.b

Imports

ntoskrnl.exe

ExFreePoolWithTag
sprintf
_strupr
ExAllocatePoolWithTag
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey
wcslen
wcsncmp

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35407e0e349350b41fd78df1287a6b89

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 908B

.rsrc Size: 128B - Virtual size: 16B

.vmp0 Size: 512B - Virtual size: 422B

.vmp1 Size: 3KB - Virtual size: 3KB

.reloc Size: 896B - Virtual size: 868B

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 908B

.rsrc
Size: 128B - Virtual size: 16B

.vmp0
Size: 512B - Virtual size: 422B

.vmp1
Size: 3KB - Virtual size: 3KB

.reloc
Size: 896B - Virtual size: 868B