General
-
Target
7065e96a4557a6b4e5a3d57b50042b05_JaffaCakes118
-
Size
732KB
-
MD5
7065e96a4557a6b4e5a3d57b50042b05
-
SHA1
db4e96447279a007ce4cda4e340da09d1d1eec06
-
SHA256
c7d17d798286c6d92b8f4196c4b5b270961678ad7c13d06d6161a8114ccc3aae
-
SHA512
ec7e92e7550fad6499a4ce3d441b02770f8886fd7f9b468a664a99e6e3b9643f1e126e3203b908d14633086985eb6157d4c84078bcfb03f7907962b37fd0b901
-
SSDEEP
12288:RZGYGhMIp9Caikd5W/zpfJXxD1gRrtjY3hlekG+DUSH4joTVHEuCRFwbPO1tJXh+:KYAFLCYarpfxt1oRYRlVHdH1VkuEwbPg
Malware Config
Signatures
-
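YARA rule match: vmprotect (resource: sample). The .vmp0, .vmp1 and .vmp2 entries in the Sections list below are consistent with this match.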
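Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The file carries no signature, so its publisher and integrity cannot be verified from the binary itself.
Resource: 7065e96a4557a6b4e5a3d57b50042b05_JaffaCakes118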
Files
-
7065e96a4557a6b4e5a3d57b50042b05_JaffaCakes118.sys windows:5 windows x86 arch:x86
cd29b30bba705a6e96648d1285259c13
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strlen
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfAcquireSpinLock
HalMakeBeep
Sections
.text Size: - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 620KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 731KB - Virtual size: 730KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ