General
-
Target
f03caee79ac9724e3933f896f6c34268_JaffaCakes118
-
Size
691KB
-
MD5
f03caee79ac9724e3933f896f6c34268
-
SHA1
d05b28168ee1a38906c6492c3965a4b9c4be0dd6
-
SHA256
40c0b4ed078228ebdc573a4f724e2607e990ee2ba236b41478f509b934d90c7c
-
SHA512
cf80b79050fd7f0973a1d33c3ffc5e16569d34b970a243f6e77047ff9797d71609a5572556a5003b00bbe216f4bc25cf8d4fd2e40f3ab20c615523f421675253
-
SSDEEP
12288:z8888+7C97/EZfvnDY+jXonLcm6Cub4zSA+i9afw7FsrsBc:o18x9sXDtnb4x4f8FzBc
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f03caee79ac9724e3933f896f6c34268_JaffaCakes118
Files
-
f03caee79ac9724e3933f896f6c34268_JaffaCakes118.sys windows:5 windows x86 arch:x86
3e1546953de1985f1fbe243e7876a075
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 585KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 689KB - Virtual size: 689KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ