General
Target
748103289bdb6bee2831409e8bcbfc30_JaffaCakes118
Size
868KB
MD5
748103289bdb6bee2831409e8bcbfc30
SHA1
53db0fef65823c82ef1a2f74c9d5f0154c12d6b0
SHA256
83a37f64570e083e48189aa3fbd140d7fac57ef673017f5fa04e1a3b69664935
SHA512
f90bcb27443b86e4fb6242a4ea446c75e95b2e833bd56315cc7882d73dbcc86173c7e3323c3419d8a5a773f90b6b30e0f550a83f662672d41c45d3629952830e
SSDEEP
12288:vDDOFmpn5LmJzmgfzDv77qmyfHe0JKqBjT4nHGtBkbIYKstFcGXVcLk1E:7D6SLmoGXqZe0JbBjT4HUkIlstFVl5W
Malware Config
Signatures
resource yara_rule sample vmprotect
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 748103289bdb6bee2831409e8bcbfc30_JaffaCakes118
Files
748103289bdb6bee2831409e8bcbfc30_JaffaCakes118.sys windows:5 windows x86 arch:x86
147fab5672985c42634bbea6c0906cd7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoFileObjectType
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeGetCurrentIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 739KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 866KB - Virtual size: 866KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ