General
-
Target
2f43466de7ab5a878b8f6d70a8543bf9_JaffaCakes118
-
Size
49KB
-
MD5
2f43466de7ab5a878b8f6d70a8543bf9
-
SHA1
0135b5e74edb08325aef6413f5b9621ecb7514a9
-
SHA256
72e71b8cb4d9dbc83800088c81c689d2dcaa2460ee6ff7c7908ec74576843947
-
SHA512
62b02813efc5018a71ae3e42c8f6022a3e9888202612e6bade2875e1984eda972f80dfab96837ec9df0bab33e635fe2b3776a64e67e1de6148de9f551382238e
-
SSDEEP
1536:v49FkpIm/M5df6nPb4wzYFTrhfhxSrFl:v494hMLSPb4wzMXxE
Malware Config
Signatures
-
YARA rule match: resource = sample, yara_rule = vmprotect -
Unsigned PE 1 IoCs
Flags PE files that lack an Authenticode signature; this sample is unsigned.
resource 2f43466de7ab5a878b8f6d70a8543bf9_JaffaCakes118
Files
-
2f43466de7ab5a878b8f6d70a8543bf9_JaffaCakes118.sys windows:6 windows x86 arch:x86
01d2a6d9e86ad8730be55e976ad62a87
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
memmove
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
Sections
.text Size: - Virtual size: 805B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 344B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 134B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
.vmp2 Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ