fe0e47ff1ed65a3437dff94f8d5ac178_JaffaCakes118

General

Target

fe0e47ff1ed65a3437dff94f8d5ac178_JaffaCakes118
Size

64KB
MD5

fe0e47ff1ed65a3437dff94f8d5ac178
SHA1

bec427d2780d635d8c329042e8ee3a5da1ca9e1b
SHA256

a43ad719efb68e20d7f58585bf9ab4fa10ee48ed9990f87f25d3324c5d420d5f
SHA512

a69311ac5c2f5cba4e7f5ae060c0b02f8ea4720c3a5139ec0b10f25c2eadd4c611c07af945de4f1f9c367d2a39886f552a4931c9e33c33155e99f195efd46f14
SSDEEP

1536:9DIcw7ECHXYzpbcmHoW+ePbKkTgy86kurXcv8r+h:ZIcoWA7tdAs0k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe0e47ff1ed65a3437dff94f8d5ac178_JaffaCakes118

Files

fe0e47ff1ed65a3437dff94f8d5ac178_JaffaCakes118
.sys windows:5 windows x86 arch:x86

611192179859bd199d065f93dd7c9a66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\USER\project\m5289wdm\5029Source\5029Source\objfre_wxp_x86\i386\m5289.pdb

Imports

scsiport.sys

ScsiPortStallExecution
ScsiPortSetBusDataByOffset
ScsiPortReadPortBufferUshort
ScsiPortWritePortUlong
ScsiPortReadPortUshort
ScsiPortNotification
ScsiPortCompleteRequest
ScsiPortReadPortUchar
ScsiPortMoveMemory
ScsiPortLogError
ScsiPortReadPortBufferUchar
ScsiPortWritePortBufferUchar
ScsiPortConvertUlongToPhysicalAddress
ScsiPortGetDeviceBase
ScsiPortInitialize
ScsiPortWritePortUchar
ScsiPortWritePortBufferUshort
ScsiPortGetBusData

ntoskrnl.exe

RtlWriteRegistryValue
KeTickCount
MmGetPhysicalAddress

hal

READ_PORT_ULONG
WRITE_PORT_ULONG

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 509B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 804B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

611192179859bd199d065f93dd7c9a66

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

scsiport.sys

ntoskrnl.exe

hal

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 512B - Virtual size: 509B

.data Size: 1024B - Virtual size: 928B

INIT Size: 896B - Virtual size: 804B

.rsrc Size: 896B - Virtual size: 872B

.reloc Size: 768B - Virtual size: 720B

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 512B - Virtual size: 509B

.data
Size: 1024B - Virtual size: 928B

INIT
Size: 896B - Virtual size: 804B

.rsrc
Size: 896B - Virtual size: 872B

.reloc
Size: 768B - Virtual size: 720B