General
Target
0fb3b1c01832ef53eb4d821a99d71a23_JaffaCakes118
Size
680KB
MD5
0fb3b1c01832ef53eb4d821a99d71a23
SHA1
5900f240c28bda665955d8d137c9ae43ddc0d780
SHA256
45339fa58cfb208aaf639779b2d045c28a8baf5cadf3b432b0037d4009e9d56a
SHA512
99e5b441b4cb04db823f0303877b4db50828f5e86dfbec017d4884174a44145398064e735df48d5aeb864b3850ebf21c16128188ff43cdfd390ba9e4d2edf62f
SSDEEP
12288:ItbqBejnyrMg4SFwqPMFWPZCvTxNf+COoJ+vhjYHiRoykN5Y+gvMfGTwO4inJ:eqBgTIBMFGZMTnf+COoEZiiRoykN5Y3V
Malware Config
Signatures
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0fb3b1c01832ef53eb4d821a99d71a23_JaffaCakes118
Files
0fb3b1c01832ef53eb4d821a99d71a23_JaffaCakes118.sys windows:5 windows x86 arch:x86
7a7ef30b4fa4d58c0bceb1a6ca477e2d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeGetCurrentIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 575KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 678KB - Virtual size: 678KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ