General
-
Target
ab5a8275587b97e9cd2b173ad9b64d18_JaffaCakes118
-
Size
654KB
-
MD5
ab5a8275587b97e9cd2b173ad9b64d18
-
SHA1
7cd7b65fea593fce784ee09bc7ebcf5d9c029222
-
SHA256
a243975f1402c8e0e5ed9ce6d6e1c45d65f58117e7cec067854ca35da5b757e3
-
SHA512
5b4c683ae07aa947c0b0f5b85a88d4d5e789f06c324bdf80fc1de6ca81532074b7b15683f266b43407479c92029c15be80a3cc18cdd4c79def8e2b93931ca672
-
SSDEEP
12288:6bqx8QTK7N6mY/7xH4upynIezYpVJsR5V6w6+dUB2Wx6I:s/N6mixYFIezgw67b
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ab5a8275587b97e9cd2b173ad9b64d18_JaffaCakes118
Files
-
ab5a8275587b97e9cd2b173ad9b64d18_JaffaCakes118.sys windows:5 windows x86 arch:x86
94ffecbab14dbfc39a4c1ad117193289
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeDelayExecutionThread
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 562KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 653KB - Virtual size: 652KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ