General
-
Target
45cf419bf43fcff24ff2d57c2907de84_JaffaCakes118
-
Size
187KB
-
MD5
45cf419bf43fcff24ff2d57c2907de84
-
SHA1
e45579682558edc41292ac5138ffa9cc6b99f0ff
-
SHA256
c5c78886a0e86ab56aa6d305503c17672ddc75b6551b04bad03189e94407d922
-
SHA512
1e56cc2d10608dd7cddca6a2bc356cd7e85eb832a3516386093dd9648188ac0a838088bddc964f1ddade29020923732543f3e7fc5f168ee36cc92cf6c61bcc6b
-
SSDEEP
3072:Zs6kZ8bFLyy32s37VFMFWzwdCp3SuhTEFc4P+MGiJxnZB4c0oWIJnAxU3Xpa4q3w:Zs6kupL4FWzyq3licW+MGYtZB4cxWIKs
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 45cf419bf43fcff24ff2d57c2907de84_JaffaCakes118
Files
-
45cf419bf43fcff24ff2d57c2907de84_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 179KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ