3a13695286d8028424969fa8daef8ed6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a13695286d8028424969fa8daef8ed6_JaffaCakes118
Size

14KB
MD5

3a13695286d8028424969fa8daef8ed6
SHA1

870448a1ed665069b2893ea5234b741fc99d4679
SHA256

f7bc723f001f66c5b630aac6580ae30f136135992975b1f86b2255fb57b3a996
SHA512

aa10d98c5bfaab6fa53c2e3691632b9c2ab25b4c1888f9409ab23af06ff229933ab8686f20b5c2b43e0cc97e44bac173368c6ac85e96a2d46ce2cde96654f5fe
SSDEEP

192:wwEEaEqiAFyyGaDCxZQ5J6nigftb/66Hi6pblq2C0Hdq1QF62dy6rflcfin:ZZAFyyGuCrO4DZxPYIdq1nGy6rflcK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a13695286d8028424969fa8daef8ed6_JaffaCakes118

Files

3a13695286d8028424969fa8daef8ed6_JaffaCakes118
.sys windows:5 windows x86 arch:x86

35407e0e349350b41fd78df1287a6b89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Soft\Smr\会员版\PcHide\OBJFRE\I386\VBNxqwwer.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
sprintf
_strupr
ExAllocatePoolWithTag
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey
wcslen
wcsncmp

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35407e0e349350b41fd78df1287a6b89

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 908B

.rsrc Size: 128B - Virtual size: 16B

.vmp0 Size: 512B - Virtual size: 422B

.vmp1 Size: 5KB - Virtual size: 4KB

.reloc Size: 896B - Virtual size: 844B

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 908B

.rsrc
Size: 128B - Virtual size: 16B

.vmp0
Size: 512B - Virtual size: 422B

.vmp1
Size: 5KB - Virtual size: 4KB

.reloc
Size: 896B - Virtual size: 844B