General
-
Target
538f102e7ff7f15f67c635f2409d35fb_JaffaCakes118
-
Size
690KB
-
MD5
538f102e7ff7f15f67c635f2409d35fb
-
SHA1
0a76c699c36a13ee03db5bf15284498310bb35d1
-
SHA256
883bd5babfe958db4dcb95d1a58d4f023e57aeac1ea5e45debba4c284f1bb1a5
-
SHA512
de19fee3529eb73f83d95e4b8dbef4b1b87103a832d94ae34358fda520bd5204261f978b3b66ffd432a458abeb8899f70348d23918c6186e37bac016209c6221
-
SSDEEP
12288:hLGtO9BdRBxWMg+foDIU3rE5mlW/fzSq+O31DLakMNopG7lg:hLGedRBxWMg7sU3rSmlWnzSJk1DLakM2
Malware Config
Signatures
-
YARA rule match: vmprotect (resource: sample)
Unsigned PE 1 IoCs
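Checks for missing Authenticode signature. The flagged file is a kernel-mode driver (.sys, importing from ntoskrnl.exe and hal), so there is no publisher signature from which to verify its origin or integrity.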
resource 538f102e7ff7f15f67c635f2409d35fb_JaffaCakes118
Files
-
538f102e7ff7f15f67c635f2409d35fb_JaffaCakes118.sys windows:5 windows x86 arch:x86
9eb749d758e23b74d61a194daabef0eb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeGetCurrentIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 585KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 688KB - Virtual size: 688KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ