General
-
Target
120486a0c924dccf8905f339feb4db3c_JaffaCakes118
-
Size
668KB
-
MD5
120486a0c924dccf8905f339feb4db3c
-
SHA1
84aa1c77f88138aa0854d90b62a4b548e2dac1ce
-
SHA256
a921a606ec48143d5b5200bed48341b7c6b1bd0d76ba7ac30a23e58ab9714803
-
SHA512
cdf0bc3ad2fd6d5acbab455247af7c72f75dc28b5a06557564af276104a22a5a16576df18d43c14de46fa593444ac657b241880ee937d03162833c57326c47b4
-
SSDEEP
12288:NCuE4PjLjaecLz+UpmiFxOPlKbbPgnN8pLlKbUdcq+5lQeLpiIYZV:NCajL+PLqUpjbYnNqJKbUKq+5rp9
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 120486a0c924dccf8905f339feb4db3c_JaffaCakes118
Files
-
120486a0c924dccf8905f339feb4db3c_JaffaCakes118.sys windows:5 windows x86 arch:x86
9eb749d758e23b74d61a194daabef0eb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeGetCurrentIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 574KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 667KB - Virtual size: 666KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ