f9e0cca7f8e0cd1f733b9c14e0c24b27_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9e0cca7f8e0cd1f733b9c14e0c24b27_JaffaCakes118
Size

380KB
MD5

f9e0cca7f8e0cd1f733b9c14e0c24b27
SHA1

93baea195871f1cfb5e29f43107fd7f325d4c5a3
SHA256

dab667482e4ae0ff7543079ed2b6f653298f97699c0389fb7f2716137a257a10
SHA512

6f6a82282ba582705de1e5609dc9093f235dc0cf35a56c6d046dbdd56882e7da26ca37192afd248d138f95232ab8499e84915e9c6b9770fa782d3fb115d2f9f5
SSDEEP

6144:x4aWn0blnw6rKywy5Vpv+1IeDMuTuBPYHt4YFwcueAy7l9pb0YVd+cHfpt2+7O6g:maWnTC21IRYRFMclXtT+ip7tg

Score

1^/10

Malware Config

Signatures

Files

f9e0cca7f8e0cd1f733b9c14e0c24b27_JaffaCakes118
.sys windows:5 windows x64 arch:x64

1cefeb7d6893f94788cfca47a53448b5

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:f8:53:4e:55:49:a1:ff:cc:e7:5d:e8:b9:3f:aa:52
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/07/2014, 00:00

Not After

15/07/2015, 23:59

Subject

CN=Yijiajian (Amoy) Jiankan Tech Co.\,LTD,O=Yijiajian (Amoy) Jiankan Tech Co.\,LTD,L=Xiamen,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:88:92:92:0b:23:f7:d1:a0:c3:03:a7:de:37:7e:a1:6e:00:0b:d0
Signer

Actual PE Digest

f3:88:92:92:0b:23:f7:d1:a0:c3:03:a7:de:37:7e:a1:6e:00:0b:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ExFreePoolWithTag
ZwSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
ExAllocatePoolWithTag
RtlLengthSid
SeExports
ZwClose
wcsrchr
ZwSetValueKey
ZwDeleteValueKey
ZwCreateKey
ExAllocatePool
ZwQueryValueKey
ZwOpenKey
wcsncpy
_wcsnicmp
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ZwWriteFile
PsGetCurrentProcessId
ZwDuplicateObject
ZwOpenProcess
ObfDereferenceObject
_strnicmp
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoGetRelatedDeviceObject
ZwDeleteKey
ZwEnumerateKey
ZwQueryKey
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeToString
strrchr
RtlInitAnsiString
RtlCopyUnicodeString
IoFreeIrp
IoFreeMdl
KeSetEvent
KeWaitForSingleObject
IofCallDriver
SeCreateAccessState
IoGetFileObjectGenericMapping
KeInitializeEvent
IoAllocateIrp
ObCreateObject
IoFileObjectType
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoCreateFile
IoDeleteDevice
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
IofCompleteRequest
MmGetSystemRoutineAddress
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
ExpInterlockedPushEntrySList
ExQueryDepthSList
ZwLoadDriver
strstr
RtlUnicodeStringToInteger
_snprintf
PsTerminateSystemThread
KeCancelTimer
rand
KeWaitForMultipleObjects
KeSetTimerEx
KeInitializeTimerEx
KeSetPriorityThread
PsGetProcessImageFileName
ObOpenObjectByPointer
PsProcessType
PsLookupProcessByProcessId
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
PsCreateSystemThread
__C_specific_handler
ZwQuerySystemInformation
ZwQueryDirectoryFile
ExpInterlockedPopEntrySList
ExInterlockedRemoveHeadList
ExInterlockedInsertHeadList
strncpy
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
strchr
_strlwr
ZwQueryInformationProcess
PsGetCurrentThreadPreviousMode
ObReferenceObjectByPointer
PsSetCreateProcessNotifyRoutine
IoStartTimer
IoInitializeTimer
IoBuildDeviceIoControlRequest
MmUnlockPages
MmProbeAndLockPages
IoCancelIrp
KeQueryTimeIncrement
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
strncmp
MmSectionObjectType
srand
MmIsAddressValid
IoStopTimer
NtBuildNumber

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 853B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cefeb7d6893f94788cfca47a53448b5

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

41:f8:53:4e:55:49:a1:ff:cc:e7:5d:e8:b9:3f:aa:52Certificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

f3:88:92:92:0b:23:f7:d1:a0:c3:03:a7:de:37:7e:a1:6e:00:0b:d0Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 4KB

PAGE Size: 1024B - Virtual size: 853B

INIT Size: 4KB - Virtual size: 4KB

.upx0 Size: 282KB - Virtual size: 281KB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 512B - Virtual size: 484B

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

41:f8:53:4e:55:49:a1:ff:cc:e7:5d:e8:b9:3f:aa:52
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

f3:88:92:92:0b:23:f7:d1:a0:c3:03:a7:de:37:7e:a1:6e:00:0b:d0
Signer

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 4KB

PAGE
Size: 1024B - Virtual size: 853B

INIT
Size: 4KB - Virtual size: 4KB

.upx0
Size: 282KB - Virtual size: 281KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 484B