General
Target
6fbb6e0f870d66de4598418a7b0c3349_JaffaCakes118
Size
652KB
MD5
6fbb6e0f870d66de4598418a7b0c3349
SHA1
8634d25929a08a498dd62d38b94425d98d035fae
SHA256
33806224d2f31d527e21cad525fa2108fae5f8dca922544c13ec0e0c989f1800
SHA512
f3cc659c27dd2d89f54404bc2462e07947f6bad3276c95e9c2307cfe2ed527557af7bad43090c2132a0ff4f7f4f8d4814e0fe629b6548a7ad68c3e28f6746d3e
SSDEEP
12288:Gh3kZJ1cqrtduhnPITfohpt1p6/v9cU/wHV1sexDaq/osv:HZ4qrtY6ohH1p6/2sGTtws
Malware Config
Signatures
Processes:
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6fbb6e0f870d66de4598418a7b0c3349_JaffaCakes118
Files
6fbb6e0f870d66de4598418a7b0c3349_JaffaCakes118.sys windows:5 windows x86 arch:x86
8590577cb77f3f984c24a0e892547365
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strcpy
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 553KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 651KB - Virtual size: 650KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ