General
Target
165149460c1de061424a00b83f7fbd85_JaffaCakes118
Size
178KB
MD5
165149460c1de061424a00b83f7fbd85
SHA1
0029fda157b5dad3a66076eb6212848b6cbbc1b6
SHA256
0b94774c5e8e622a34e1b70a0ff31e2a613b1b1fb983d0d7ce714a6410e51d2d
SHA512
745a5766416f5f2d672ce413ab362c9745047c25f33eb7e74fec7a9f86f70cba1c90028ac6603e50d8c4a1085e369b1f8551b62e86328c31da818685a3f0d8a3
SSDEEP
3072:2Dau6CpDMXVthHNl3DjtwDjky2SCPxYltoc/HLU1ExgjyJCN0qrdoJieeBPzsTUF:2L6CpDM1TRyExYlV/6Exgjo1qrdoJie6
Malware Config
Signatures
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE file is not digitally signed).
resource 165149460c1de061424a00b83f7fbd85_JaffaCakes118
Files
165149460c1de061424a00b83f7fbd85_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ