General
-
Target
aa962df38235a8ddcf48c20544625f40_JaffaCakes118
-
Size
175KB
-
MD5
aa962df38235a8ddcf48c20544625f40
-
SHA1
830394d2a740fc48245425dc5fe62f1190c5e7b3
-
SHA256
569c772fa6a47b1c0b7622a6b2ed9f429e9bdbbe149384f6ab30e3003d98bbe6
-
SHA512
9748f212131ccbc305b69233a1a71e6829e97f2a0dccffe7bd2058ae141b51ebf27917e3924cf6c169ddc2a6e1a47d1af3402a02ae961d42f9ab3dc9d3592960
-
SSDEEP
3072:vI2jEWLtBqekusts1oSI0M0TqDhQSHPW91+REe+DxFk8NLAYeg8VYWOeaJD/Xe8T:vDnpkustWo5taqVw/DxFk8NIaWOXD/XW
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aa962df38235a8ddcf48c20544625f40_JaffaCakes118
Files
-
aa962df38235a8ddcf48c20544625f40_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ