General
-
Target
0aad05001dd4370d9580f68cdb8ea7e8_JaffaCakes118
-
Size
748KB
-
MD5
0aad05001dd4370d9580f68cdb8ea7e8
-
SHA1
c21e17ed0ff93b27a08f4930e6ed7c24afa562b4
-
SHA256
81ce1a5a81b68159336485cfdfee3b3f3f455415828b1c8722db7b82c37bfd91
-
SHA512
213004990bf7d69ca514ef7648dca7ffa60cf5e5b13af96fc41cf2ece48b3b2a203c1d5f1ecaaffcb6fd433ee985dce3781cd514f5b182ef44c9ec8140a566ea
-
SSDEEP
12288:O9TI7stHJCIyc7CCirDxS1upzwtzHBUAEdeuHQQwGaMqadu9Ia2HBYMkka:HSHxyJtrDxysIhUJeuLcbIHGo
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0aad05001dd4370d9580f68cdb8ea7e8_JaffaCakes118
Files
-
0aad05001dd4370d9580f68cdb8ea7e8_JaffaCakes118.sys windows:5 windows x86 arch:x86
fbb590b2e5e396447209d701ef664e8f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfLowerIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 914B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 641KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 746KB - Virtual size: 746KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ