General
-
Target
d0e8d6e7bf40fd860ac7ee0b159f1015_JaffaCakes118
-
Size
678KB
-
MD5
d0e8d6e7bf40fd860ac7ee0b159f1015
-
SHA1
eb58d36dc12e38e7d2da98e4b4e55655b3e487c7
-
SHA256
098193bf80228d855dc8fc43ef3756f929585866338f966cf645917bbabb4590
-
SHA512
5865741357ea2d78634df69df6a00bd0ac89d9fe94582deabe891a345347a63a4c717845e9d4667ffe15c19bdd0a2469003057e245be873a8ed24edd1c5cbe04
-
SSDEEP
12288:6LvykwEAbQ8t1zAl3LF7JA1d5MyIPdbdNnliEUdZPsgDfLc16mC0q6FI:lbQ8tilxd4ALPdLUDPxfLcb
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d0e8d6e7bf40fd860ac7ee0b159f1015_JaffaCakes118
Files
-
d0e8d6e7bf40fd860ac7ee0b159f1015_JaffaCakes118.sys windows:5 windows x86 arch:x86
08ec062c77f825b1483d722dc7be103b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strcpy
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeGetCurrentIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 572KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 677KB - Virtual size: 676KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ