General
-
Target
28cb551479a202a429ddfa97987c2669_JaffaCakes118
-
Size
187KB
-
MD5
28cb551479a202a429ddfa97987c2669
-
SHA1
de3794ce7f677cdc26d8d1b7e0d5dcca88a53982
-
SHA256
fd5d6041ecb70cc3134fea386fb88753677dff19ae9ab51346cbe45ea2913084
-
SHA512
72421511a00357c2d649353c62a8e497966af63ac7ccc56698faaf85d7a1b4c646a47886cbc04a77bc17f151fbbfaca10976a45cd286c140a6e6bbc91a92e4a3
-
SSDEEP
3072:/WjR3EThtQH2wkio0+kjF+KDzBLY6xw9vbbUzOed9r9/4XpNPtT8o6Zs4Ah4:/WjRUjQWwzo4PTcvUzOedv/4jPtT8
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 28cb551479a202a429ddfa97987c2669_JaffaCakes118
Files
-
28cb551479a202a429ddfa97987c2669_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 179KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ