f5aab1d37e87b035d45fe0633fc121d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f5aab1d37e87b035d45fe0633fc121d1_JaffaCakes118
Size

40KB
MD5

f5aab1d37e87b035d45fe0633fc121d1
SHA1

8be6c85e13c013a00c29aa5f8c19fcba55934115
SHA256

cc30ff9f4030841c31a7d5ccd2692c28e35509e2e5566e946ca8477943d2d297
SHA512

6d298e326e389ca038115e2eb7ac796541f3e7b469f5d1c31babd4ca4936c19777af4745335ab7fa8ab270b4d684b65ee5b0cbc82f2287e25c669514e3537fcd
SSDEEP

768:97kHomDnzjLfjzG8Ckr/Y2mCbebTR1RFMA:94HomDnzjLfjzGemCbsFFMA

Score

1^/10

Malware Config

Signatures

Files

f5aab1d37e87b035d45fe0633fc121d1_JaffaCakes118
.sys windows:10 windows x64 arch:x64

70f5897040e4bc745b3b2e951b78f3fb

Code Sign

39:12:7b:3c:69:89:87:2c:5a:20:3e:15:0f:f6:af:4c:81:7d:31:db
Certificate

Issuer

CN=Old-Thunder,OU=IT Weedcopper Lighter,O=Weedcopper Lighter,L=London,ST=London,C=GB

Not Before

26/03/2021, 10:25

Not After

26/03/2022, 10:25

Subject

CN=Old-Thunder,OU=IT Weedcopper Lighter,O=Weedcopper Lighter,L=London,ST=London,C=GB

62:6e:da:42:13:db:ee:55:75:6b:18:59:2b:47:cd:2a:75:7a:84:e3
Signer

Actual PE Digest

62:6e:da:42:13:db:ee:55:75:6b:18:59:2b:47:cd:2a:75:7a:84:e3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\mac\Desktop\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb

Imports

ntoskrnl.exe

ExAllocatePool
ZwClose
ZwTerminateProcess
KeWaitForSingleObject
SeLocateProcessImageName
PsLookupProcessByProcessId
FsRtlDissectName
KeSetTimerEx
RtlCopyUnicodeString
KeInitializeTimer
DbgPrintEx
ZwOpenProcess
RtlEqualUnicodeString

wdfldr.sys

WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70f5897040e4bc745b3b2e951b78f3fb

Code Sign

39:12:7b:3c:69:89:87:2c:5a:20:3e:15:0f:f6:af:4c:81:7d:31:dbCertificate

62:6e:da:42:13:db:ee:55:75:6b:18:59:2b:47:cd:2a:75:7a:84:e3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 132B

INIT Size: 1024B - Virtual size: 800B

.reloc Size: 1KB - Virtual size: 1KB

39:12:7b:3c:69:89:87:2c:5a:20:3e:15:0f:f6:af:4c:81:7d:31:db
Certificate

62:6e:da:42:13:db:ee:55:75:6b:18:59:2b:47:cd:2a:75:7a:84:e3
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 132B

INIT
Size: 1024B - Virtual size: 800B

.reloc
Size: 1KB - Virtual size: 1KB