General
-
Target
4af04d29aea949a25215c7f44658c761_JaffaCakes118
-
Size
174KB
-
MD5
4af04d29aea949a25215c7f44658c761
-
SHA1
b5eb5886712b92bdb7362f065aff56f60cdd80b7
-
SHA256
d27cffe89bd6d05483ef12cba49056482a44c3bf0ffeccebfc4b4171f0d1c9da
-
SHA512
9d1cfaba92002b0bc23e8dff165603e1fcc47b714c00989892b0833a6990ebbb53ecb1cc6c727f73555df503401072c66f4074d18617319555ceea0654424c32
-
SSDEEP
3072:bZd75r/XiOKWa0Q4SgTkWrtdoobYfcYS/Sfh2gjpBiyg2xhVbkQMEkYOxb0C9Jja:31hu4S1F5fdjrMEUxz7jo20l
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4af04d29aea949a25215c7f44658c761_JaffaCakes118
Files
-
4af04d29aea949a25215c7f44658c761_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ