General
-
Target
ba080a4488d123367ca6323d446e17fc_JaffaCakes118
-
Size
190KB
-
MD5
ba080a4488d123367ca6323d446e17fc
-
SHA1
ddb722285d1433bff3bfdd1f45c6cec8fd332846
-
SHA256
9fd13903ceee960ad4f6892b7d95036931d8a0d3ddbabbcb04bd46e51cb0c57f
-
SHA512
866598063b1dda520706d93de3d3c2d0754306714c684f43e42cb64b6c5e7e6318abe7d76decc5c481d948ce62c961cbad99223534c8d64905a8f598a4091747
-
SSDEEP
3072:NLnVk3Be2L7XR4vCImkbiEfg4dJStjwj/F8NjeGmcxa9gTpwrUHmaVUVPFy:9eYCGgbtjZeGmcOMppmRp
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ba080a4488d123367ca6323d446e17fc_JaffaCakes118
Files
-
ba080a4488d123367ca6323d446e17fc_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 179KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ