General
-
Target
e93db57df37c83f1799760c62cfc5a6e_JaffaCakes118
-
Size
173KB
-
MD5
e93db57df37c83f1799760c62cfc5a6e
-
SHA1
d628a4f7d8df48ad391346e5618315b6147bff06
-
SHA256
34cff2d2668c344febf18d655d17c0aac61e726289faa5237b3663f148bf6ed7
-
SHA512
a65c377ff54e580650bd436ca5275576f923fd22b9e0703c4cea367f99bffa527f965c3ac87afdf2de35b3036f5553cf9ed72150f6110652b23ccadf0d537d27
-
SSDEEP
3072:nNOPai4TwyUiU5xIg7xMp2q+B18i+dwvVLmka1b5po3FM0Daa:nNoai+6z2pX+B18i+CvVLmkaR2FMmaa
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e93db57df37c83f1799760c62cfc5a6e_JaffaCakes118
Files
-
e93db57df37c83f1799760c62cfc5a6e_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ