General
-
Target
f650f87bb7741f05b2fd760283b73e34_JaffaCakes118
-
Size
175KB
-
MD5
f650f87bb7741f05b2fd760283b73e34
-
SHA1
57043cff14e6fec7b1be9871cabea92dceacee86
-
SHA256
4914ba2abce9abc1c9556c5e6ec17b621c40335add78c187e1eb285e8399f2b3
-
SHA512
98dc79b425016c91cc5b0dc9c6ec61b99054c7cc8404441772d8afb68fe849ee34a398646f3166ec215ae52aa0dd6e15ced8c8b50a47f07986f8d768e95efecb
-
SSDEEP
3072:+Y67628hfT4qM/8lKgpDOdrZGkSl6sEDwrhcXRTPUldQg4IObK5dPcJKZQ+CkKMU:+Y/4JuXaZGki6orRQgebK5dPvTCKjUHp
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f650f87bb7741f05b2fd760283b73e34_JaffaCakes118
Files
-
f650f87bb7741f05b2fd760283b73e34_JaffaCakes118.sys windows:5 windows x86 arch:x86
2815a26316831738d3675416954567f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3
Sections
.text Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.reloc Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ