080a769d4bc768b25f64e0d2919b6a3b_JaffaCakes118

General

Target

080a769d4bc768b25f64e0d2919b6a3b_JaffaCakes118
Size

8KB
MD5

080a769d4bc768b25f64e0d2919b6a3b
SHA1

0aaab285018115c8001bcc6702fc3ee8854464a2
SHA256

f46ea665027fc372aa50b49628d2b4d46948aaba0b889c2e4763ebd83b668d1c
SHA512

b5602c940b125b4b5dc3c905c7ae3ac44c75882d8c89210412ba096755becd9b3b3573727565457fe6681877b8940a239c735b5bc9f3bc2aea54c5a2cdaab5f0
SSDEEP

96:m7FW71V6CPvEQaGY/Eo9015QpcTWbQkKUs2UlzHsav3Lw5upo8SbpKDdmLjetyT:L5JX1VYs2qbSkQLKMTn4dn

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
080a769d4bc768b25f64e0d2919b6a3b_JaffaCakes118

Files

080a769d4bc768b25f64e0d2919b6a3b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

64c920d0d8eecd3df079bb1c111e2e7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\PcShare\复件免费版\PcHide\objchk\i386\SADFEDGERGREG.pdb

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 526B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64c920d0d8eecd3df079bb1c111e2e7d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 640B - Virtual size: 560B

INIT Size: 640B - Virtual size: 526B

.rsrc Size: 128B - Virtual size: 16B

.vmp0 Size: 256B - Virtual size: 240B

.vmp1 Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 724B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 640B - Virtual size: 560B

INIT
Size: 640B - Virtual size: 526B

.rsrc
Size: 128B - Virtual size: 16B

.vmp0
Size: 256B - Virtual size: 240B

.vmp1
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 724B