General
-
Target
bcc43545717bfc2ebf6f1e0699dbc878_JaffaCakes118
-
Size
175KB
-
MD5
bcc43545717bfc2ebf6f1e0699dbc878
-
SHA1
c9c53493c206227f3dac3fd29edba1d367537ff7
-
SHA256
dc8dcfed583df4ad1c8eed757af76e710e0bff38fba5e57965d4ef7478f061c1
-
SHA512
d89f7acaf4f9d837c4bd50668899bcca96d8a98c6626814dd8a1ef24c984d42736e5197245f9376269110410b9da0ff077a30c79b8c06ceefe92cc55a101d7fd
-
SSDEEP
3072:Q7r/AfscV4ynr/goS6QZezaHI1hpOu13Kg2jIl5MZD3++n62MlDXkjXBJsTkGYfI:QXPcV4CgIr1qvSg+Y62MlD0jXTshYfI
Malware Config
Signatures
-
resource yara_rule sample vmprotect (a VMProtect packer rule matched the sample; this is consistent with the .vmp0 and .vmp1 sections listed under Sections below, so static analysis of .text is likely to see virtualized/obfuscated code)
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. The file is an x86 kernel-mode driver (.sys, importing only from ntoskrnl.exe), so the lack of a signature is relevant to whether the OS's driver-signing policy would permit it to load.
resource bcc43545717bfc2ebf6f1e0699dbc878_JaffaCakes118
Files
-
bcc43545717bfc2ebf6f1e0699dbc878_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ