General
-
Target
a33050f576507f96e6ed33663d1089a1_JaffaCakes118
-
Size
736KB
-
MD5
a33050f576507f96e6ed33663d1089a1
-
SHA1
71fa3a69fe61cee16c4656c61bb6be15c81a8d3f
-
SHA256
d9693f7b88dd9f8822d0fc8b83a8880ee07fd57a2d44b2a2b32ebd7d4bc659ca
-
SHA512
4738e4fb421849736b78435508dc89768507e95e487a67ee40205bab91f773b3f0e99eb5a8988f98aca7395487051da95201cd72b61cbb1f00f05561b8a10e5d
-
SSDEEP
12288:4eby1iCJrTEpwwCktPGxVoEFuJGYXmlrrGK5jK9eo43gXZE/ovz3S5qo0N83OyWa:4/EOrTuLfGRFZrlrKK5jK9sYK/ovrhXe
Malware Config
Signatures
-
YARA rule match: vmprotect (resource: sample)
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Resource: a33050f576507f96e6ed33663d1089a1_JaffaCakes118
Files
-
a33050f576507f96e6ed33663d1089a1_JaffaCakes118.sys windows:5 windows x86 arch:x86
865770bda355818f8b1e1c703ba8d895
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetCurrentProcessId
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfLowerIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 626KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 732KB - Virtual size: 732KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ