b22f70cf91dab4e41f61ac0c9e096446_JaffaCakes118

General

Target

b22f70cf91dab4e41f61ac0c9e096446_JaffaCakes118
Size

57KB
MD5

b22f70cf91dab4e41f61ac0c9e096446
SHA1

c2a50e1508241f1e442ae297fa2756d5425d53aa
SHA256

4451734d04ab103296941eb73de544983672ecb910a68a024420209d98b61c3d
SHA512

5acf7f3f5bcbb06735feb643c752dd5398359fff03ac0a89e8ef23edb20373473eacb2e4d9d844b5a2a2e4cb2b257465b13466b7debcd39f4f53c1c12364feb7
SSDEEP

1536:uyg4KObrWAd1OyR3RHsr3I9ERgTZak9m:uyNzHWAblHsDI9E2T8Sm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b22f70cf91dab4e41f61ac0c9e096446_JaffaCakes118

Files

b22f70cf91dab4e41f61ac0c9e096446_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e9c25c5285b1ba0e1cbc978b1cd9e373

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
strlen
wcslen
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
ZwQueryDirectoryFile
IoGetCurrentProcess
KeServiceDescriptorTable
ZwEnumerateKey
ExAllocatePoolWithTag
ExFreePoolWithTag
_wcsnicmp
ExGetPreviousMode
ZwWriteFile
ObReferenceObjectByHandle
ZwOpenProcess
ZwQueryInformationProcess
PsGetCurrentProcessId
ObfDereferenceObject
ZwReadFile
ObQueryNameString
RtlCompareUnicodeString
ZwClose
IoCreateFile
RtlInitUnicodeString
_except_handler3

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9c25c5285b1ba0e1cbc978b1cd9e373

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 28KB - Virtual size: 28KB

INIT Size: 1024B - Virtual size: 808B

.vmp0 Size: 512B - Virtual size: 456B

.vmp1 Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 28KB - Virtual size: 28KB

INIT
Size: 1024B - Virtual size: 808B

.vmp0
Size: 512B - Virtual size: 456B

.vmp1
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 224B