General
-
Target
15fb53fc816b5417050787e76b3b0eba_JaffaCakes118
-
Size
752KB
-
MD5
15fb53fc816b5417050787e76b3b0eba
-
SHA1
d7cf3f25ad8025438f3fc27dab9b76deab1c2cc8
-
SHA256
a4617018ded3fc1344b430a6759aa986f5c04baa554336dbf34a0500c0165d24
-
SHA512
d45f9a5aeb9d51c3d655d29f5fb7e8a4170f16a0cb8de90df5be9f7238a977b6f4c961149616ee5b52775001af36e86aec1d9c8e0f439fcb7b86f7bb6f594d85
-
SSDEEP
12288:5lmynBE6Gcs1h7slv03ArvZ/MU6NaN+fFunvWSGRka34SvoqeoieZVGGrcJ/oqv:GIW6Gtd3AJNWAnvmaSRZVRrc2qv
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15fb53fc816b5417050787e76b3b0eba_JaffaCakes118
Files
-
15fb53fc816b5417050787e76b3b0eba_JaffaCakes118.sys windows:5 windows x86 arch:x86
8ca6902bd54cbf8e8b043572ad700972
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwUnmapViewOfSection
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 914B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 642KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 751KB - Virtual size: 750KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ