General
-
Target
119edcd5ceb15fb0263a5f190405c7ff_JaffaCakes118
-
Size
728KB
-
MD5
119edcd5ceb15fb0263a5f190405c7ff
-
SHA1
e953d047da738668f0ccb3957325d61e5102410d
-
SHA256
67503cf1a71e2201204238fc3d53188737708f82d0cb8598c2ca95d59a9ce4db
-
SHA512
d02da223f3a15e318b02971c82aec64f34915d9c498f7331e8d608fe4f9e14806442b9cca260061e61f9dfe053ea5219be78361e3672c807f911fecf6e8cb7e9
-
SSDEEP
12288:6JBRCz/j1hq3ALKJr6Sz/Fi0C3sf0y+27iDqjh9makYtJJvTh2lMwgYkH7jk7oZg:6lw/j3q3AGp/zdi03fL+5Dqjh9makYBB
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 119edcd5ceb15fb0263a5f190405c7ff_JaffaCakes118
Files
-
119edcd5ceb15fb0263a5f190405c7ff_JaffaCakes118.sys windows:5 windows x86 arch:x86
0abd50153f1e0f24a29c3e1f3f37a798
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeInitializeSpinLock
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfLowerIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 621KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 727KB - Virtual size: 726KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ