General
-
Target
1417863b53b00710fbca941e6a02fca2_JaffaCakes118
-
Size
710KB
-
MD5
1417863b53b00710fbca941e6a02fca2
-
SHA1
c6d45fddec857ee33997fc90f9fa261dc9c2ad6f
-
SHA256
9637be3143ed744a7a727fc88e2e1f57f9c6bba1c6a86fe0567f79f66adc4fa9
-
SHA512
e19820df0c22bef729de1751df628571306c919e0299fe4d26939716cadf5df0d645401b57b24ff6aefdf833879b3649e381535b2e8d38f5a941e807c400bdc3
-
SSDEEP
12288:Kp31osjdWQf7N/KQxCos2ItFT5BtFEs/oXIwC+GEmrQgSkAdDH/:k31oshWQfI0s20FT9Fp+InWmzSkAdL/
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1417863b53b00710fbca941e6a02fca2_JaffaCakes118
Files
-
1417863b53b00710fbca941e6a02fca2_JaffaCakes118.sys windows:5 windows x86 arch:x86
dbb8b6b384f910ab0544808c942511d9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 607KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 709KB - Virtual size: 708KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ