General
-
Target
bb0cf37d95a35f2a30459b39c39a5cfa_JaffaCakes118
-
Size
175KB
-
MD5
bb0cf37d95a35f2a30459b39c39a5cfa
-
SHA1
ab73deebfb4c895329e8c11516692213ff2ca61f
-
SHA256
1ed496118cbd20c893be125b38428ba0d82c7974d335b63e9db838dcc0db8177
-
SHA512
2313d3a0d74883e6751772ad0c44a8624f58d1416a8b4539cbf01df306c25fecdabff837ba9fad817332fa35774b14ef6c0593c47e8e9a3a6351488d91e4f507
-
SSDEEP
3072:VUGthJlj4c1/Ow1OtoUChzF97s7njdIeqS3/qmiPAiE5F0xMdRgUSYjAgIs5:VUGTJ1n1c7Ch5ujdIzS3fuAiE52xMdqG
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bb0cf37d95a35f2a30459b39c39a5cfa_JaffaCakes118
Files
-
bb0cf37d95a35f2a30459b39c39a5cfa_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ