General
-
Target
ec55954589acb064de0bb327f8eb4ef7_JaffaCakes118
-
Size
177KB
-
MD5
ec55954589acb064de0bb327f8eb4ef7
-
SHA1
12f6334e00cbb6ca5b0157f37bec4b4a85c32ae8
-
SHA256
7e355b549827f9a2f13fb6ca55a086ffa49107ec6f6f769768869c10b3ef1110
-
SHA512
56f9109a802726348ceccb4fc3c45556aa5b64195b0e8ae03d600d63aec43f668226b9f2cd7ba80d2a246fb867337ecb83c76a2cc78e2338bcf6857cc767650a
-
SSDEEP
3072:vEnBRo/9wxevViOpvSDMw0k63nhXh8Axi6o0BxzHYn0ovA3HKM76fpGE0YGiK:snBR6iuZFtX2Axi6o0BxjY0ovaHrxE8i
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ec55954589acb064de0bb327f8eb4ef7_JaffaCakes118
Files
-
ec55954589acb064de0bb327f8eb4ef7_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ