General
-
Target
ad41f37aeaaf538d014ffe46602eb0ae_JaffaCakes118
-
Size
176KB
-
MD5
ad41f37aeaaf538d014ffe46602eb0ae
-
SHA1
e35358b498138f0eeec41dc7c291bf5d0b6719de
-
SHA256
ee38b39357527a32ee0755d80aba2daf3b3336c4ed2a33bdd4512e960ec46be3
-
SHA512
0b523747798463599fce74042c1f4a1e52c73a31f0bf67d17aff3d9f2ef397cc44f80d59f732eab5a1de1cae6f50504a982f82bb21ee828fdd6c61e381ee18d8
-
SSDEEP
3072:NSwDi9WEyTmokoqL3WNgUY8S4MEq2NprkD+lckd3WUlnkb:Qx9WEoCoqLQJkv+oDOd3WUpU
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad41f37aeaaf538d014ffe46602eb0ae_JaffaCakes118
Files
-
ad41f37aeaaf538d014ffe46602eb0ae_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ