General
-
Target
a446c543f696a30a9bcaf874ffcc9901_JaffaCakes118
-
Size
754KB
-
MD5
a446c543f696a30a9bcaf874ffcc9901
-
SHA1
b304b25956f6dcd5d649ccc44df9938a40e8c466
-
SHA256
46dfec77c45346d89131ebd5a6683a72a928e3c750933e7f12141dacefcac257
-
SHA512
567ea65c0e71a1030ef2f2582c5889350f08c8b77e8f8dceb7cd433dfc988ea309cce555b982f57ca68bb035be9a17fe7c25edd60a5eb2f635091d36d8311100
-
SSDEEP
12288:ZXTfr0afdFkTLqYDVGE21eSHBWYN1FaaXfBG3P2OQ6pNNlhFQfcOCOoWEXygvxXt:130DTLpDt21hhRNb3XfI3P2ElTfOCOp6
Malware Config
Signatures
-
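YARA rule match (tags: resource, yara_rule, sample): vmprotect. The .vmp0, .vmp1 and .vmp2 section names listed under Sections are consistent with this match.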
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the rule matched the resource below, i.e. the file is not Authenticode-signed.
resource: a446c543f696a30a9bcaf874ffcc9901_JaffaCakes118
Files
-
a446c543f696a30a9bcaf874ffcc9901_JaffaCakes118.sys windows:5 windows x86 arch:x86
b09654517b4b55a59bc84122826a2f5b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeInitializeEvent
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfReleaseSpinLock
HalMakeBeep
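Sections
Each entry reads "Size: <raw size> - Virtual size: <size in memory>". Where the raw size is blank (.text, .rdata, .data, INIT, .vmp0, .vmp1) the report gives none; only .vmp2 and .reloc list a raw size. INIT and .vmp2 are flagged both writable and executable.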
.text Size: - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 452B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 635KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 752KB - Virtual size: 752KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ