fcfd75fc0a2dc3d7b6d52f4d95c04877_JaffaCakes118

General

Target

fcfd75fc0a2dc3d7b6d52f4d95c04877_JaffaCakes118
Size

64KB
MD5

fcfd75fc0a2dc3d7b6d52f4d95c04877
SHA1

027244b5ea9b46ce0a43cb1e7b6f4163f6d0019d
SHA256

effe1ebfb5762494dec026ee87debe3120ff13aa1a01f3392b4bfac883da9eeb
SHA512

c998e0d271b773f18f1c50fee9a5512ce85f56b3bd5d8780d18e9e0fdb3bee97fbb6217ee2a9d4ac256a10aad2eb4057105c17b795e4a45663ddb8cf148e6f5c
SSDEEP

1536:mN1xlk3QJlJLo+uEOy/oKQWr3UHYtzi1HzBr:mLzxo9Ex/oKQ4UHYtQzBr

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcfd75fc0a2dc3d7b6d52f4d95c04877_JaffaCakes118

Files

fcfd75fc0a2dc3d7b6d52f4d95c04877_JaffaCakes118
.sys windows:5 windows x86 arch:x86

40baebbbde4bd91f8ed204f754ef25e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlUnicodeStringToAnsiString
wcslen
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
ZwQueryDirectoryFile
PsTerminateSystemThread
ZwQueryInformationProcess
ZwCreateSection
ZwEnumerateKey
ExAllocatePoolWithTag
ExFreePoolWithTag
_wcsnicmp
ExGetPreviousMode
KeDetachProcess
ZwWriteFile
IoGetCurrentProcess
MmMapViewOfSection
ObReferenceObjectByHandle
KeAttachProcess
ZwOpenProcess
KeServiceDescriptorTable
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
MmSectionObjectType
ZwOpenKey
ZwReadFile
wcsncpy
MmUnmapViewOfSection
ZwSetValueKey
ObQueryNameString
RtlCompareUnicodeString
ZwClose
IoCreateFile
RtlInitUnicodeString
_except_handler3

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40baebbbde4bd91f8ed204f754ef25e3

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 30KB - Virtual size: 29KB

INIT Size: 1KB - Virtual size: 1KB

.vmp0 Size: 1024B - Virtual size: 586B

.vmp1 Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 30KB - Virtual size: 29KB

INIT
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 1024B - Virtual size: 586B

.vmp1
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 316B