General
-
Target
ea9289b1cef296f3a91930f1f0288bca_JaffaCakes118
-
Size
178KB
-
MD5
ea9289b1cef296f3a91930f1f0288bca
-
SHA1
30ea9680977135138b6954395658b2c456f39eab
-
SHA256
4e17e2a6d7457fe1b72895eb83bd5e529159442136120a0805ad1ec69010bfd4
-
SHA512
69f471c8c306447e33c1e72249e9517b0babc2ce2d96f60fd85a9c89ffe101ad708f610b1a34b4ddff733682af9f678755fb188b46d1a429de19b8df4cb30586
-
SSDEEP
3072:9QWZYGkUwTHIgbegSvwJDN0rn9tbo8TrSVDmxdbPRHh1cy3+UQAHre9VOXc/ncl8:bZYKwTo4X152rn9tbo8TX7RB1RDre9Vw
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ea9289b1cef296f3a91930f1f0288bca_JaffaCakes118
Files
-
ea9289b1cef296f3a91930f1f0288bca_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ