General
-
Target
7098b8e1f5d7363986abd4ddc4721445_JaffaCakes118
-
Size
178KB
-
MD5
7098b8e1f5d7363986abd4ddc4721445
-
SHA1
1dcf45a79ab8d51143b201f41452b09df9b461e5
-
SHA256
be214cfbae4431aa4d4504e6e37926fd625ffe2fb8b601f87c13f11e2117813a
-
SHA512
9fe09b40ea63e493159a4a991154ffc2c3185a87b92fe512c34194ac600f6bb0acdf6a6a829f5adf4df9453fc575098a939bafb5faf63c50927cf7dbb104b908
-
SSDEEP
3072:FCCg+XrPHmHt1rzjNZ/P6wvhxNc7DpH/+l1Jzw2cnicUxGDPiPoUSF135B:vrOHDjNZ60NAicUxGDPigU01P
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7098b8e1f5d7363986abd4ddc4721445_JaffaCakes118
Files
-
7098b8e1f5d7363986abd4ddc4721445_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ