General
-
Target
6245bff1243478c5ab710cb1c0bf0225_JaffaCakes118
-
Size
180KB
-
MD5
6245bff1243478c5ab710cb1c0bf0225
-
SHA1
1fd09b57386bdbd8979b2e9ea861f17136ef1468
-
SHA256
11ac7fd2c2e8d88b7e9575b21d5e114ba4d0593d7b380626b0f0cd47316e4f0d
-
SHA512
5a06156f6c5efae283f4281490951db5283af57890164aba79009b8f9d59614692e4c20a6347e6984ff0add0701d382444c18528ea3a64458e6f29c7d3510202
-
SSDEEP
3072:GRixf7CwU5rsVnY/8zvN2R9D/3qbpC6dnXHkketppLYCJ4HJeXkzPLuLlKNPxVnO:GKVnY/8zva/0pCqUkefJ4HJ9zjjN5To
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6245bff1243478c5ab710cb1c0bf0225_JaffaCakes118
Files
-
6245bff1243478c5ab710cb1c0bf0225_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ