0db9478a6bd030c905829c5ca8a4f407_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0db9478a6bd030c905829c5ca8a4f407_JaffaCakes118
Size

14KB
MD5

0db9478a6bd030c905829c5ca8a4f407
SHA1

cb4fc80e3d2c2bc2543bb66fb76f19152ae6f39e
SHA256

cdafc8231627fc6e533a8a45cb4d346249f337c4700d43df20edcbd4153f73ee
SHA512

5626693044773b68c30ba9382d2160241cd01c74a8504ca60dcc30bc1bbfd872b2cd3a0b2840900cc407dd7bda5361f292bb34cbda4947489ab8e8b3394fe240
SSDEEP

192:wo7nJvpEsCp703r3AjdUeJ4F7EdLx64QdRNjiXO2BnZ4BOIivbURPCqhvn+n:wEn337pSG7EdVdmrmFnwOdvIv+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db9478a6bd030c905829c5ca8a4f407_JaffaCakes118

Files

0db9478a6bd030c905829c5ca8a4f407_JaffaCakes118
.sys windows:5 windows x86 arch:x86

cb472ceb22ce4823e8e3c52cf0042aa0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lkdfdsakjqwwer.pdb

Imports

ntoskrnl.exe

sprintf
_strupr
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
wcscpy
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey
wcslen
wcsncmp

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 640B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb472ceb22ce4823e8e3c52cf0042aa0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 908B

.rsrc Size: 128B - Virtual size: 16B

.vmp0 Size: 640B - Virtual size: 556B

.vmp1 Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1004B

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 908B

.rsrc
Size: 128B - Virtual size: 16B

.vmp0
Size: 640B - Virtual size: 556B

.vmp1
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1004B