General
-
Target
5eb45b376e2bdc262ecfcbe5dcfa2901_JaffaCakes118
-
Size
175KB
-
MD5
5eb45b376e2bdc262ecfcbe5dcfa2901
-
SHA1
06313c25875895e0e476bfcf33b30f8a3ee0083b
-
SHA256
1b14cb7e2a1a74e491dd9bdedb618570e864cac019229260478ff429868c3f9f
-
SHA512
366bf2355b28d7ac4e23b11ccf4670571172efe95386cbabd7067f1211b4b3da0d5ed8e35341b687219b06c5c37ea5f728ff74809c163c0e59844f8f15a7b16c
-
SSDEEP
3072:MizJaigSiOHiNFi8o8hIcprVgOf0Y/DLyHxyDRkDHoE00PDKvgZ/Oki7TPGTqKYI:MqPgHOCNY0IY06D2xyD2DIE0OygtWlK7
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5eb45b376e2bdc262ecfcbe5dcfa2901_JaffaCakes118
Files
-
5eb45b376e2bdc262ecfcbe5dcfa2901_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ