fe55297cc0436ca8017cb0382bc46e64_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe55297cc0436ca8017cb0382bc46e64_JaffaCakes118
Size

42KB
MD5

fe55297cc0436ca8017cb0382bc46e64
SHA1

a7bb8c9922e7e19696510d9631496ea624cc8213
SHA256

943951d59b3d516ec6d4d81cf65c06e3ffda8180fee3c3f7cd5a8323993bb299
SHA512

dffac0732c2aae05ebddcb3d86d616b4fdc7c6e52d62efe265f737352ff50b8e19f8220daec56d04e7ecae50a5b8c86f2e721ccb0e483b66f1e58b65ad1695f7
SSDEEP

384:WQoAHNaDzYLYwe4y8X/JCiCtJIE6qduQD40QLzUHb4A:WQoNP4HBC/FcL0Q/q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe55297cc0436ca8017cb0382bc46e64_JaffaCakes118

Files

fe55297cc0436ca8017cb0382bc46e64_JaffaCakes118
.exe windows:5 windows

17b0b601497a949a1fe948f8fb5a41d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\svn3\MMDriver\bin\fat32.pdb

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
ZwQueryInformationProcess
KeAttachProcess
KeDetachProcess
KeQuerySystemTime
KeWaitForSingleObject
KeInitializeEvent
_allrem
_alldiv
_aullrem
_allmul
_aulldiv
ExfInterlockedRemoveHeadList
IofCompleteRequest
InterlockedExchange
ExfInterlockedInsertTailList
KeInitializeSpinLock
MmGetSystemRoutineAddress
wcsncat
wcsncpy
NtQueryInformationFile
IoDetachDevice
ObReferenceObjectByName
IoDriverObjectType
_wcsicmp
KeQueryTimeIncrement
IoCreateSymbolicLink
IoCreateDevice
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlCompareMemory
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
KeSetEvent
ZwSetValueKey
ZwCreateKey
ZwOpenKey
KeResetEvent
ZwQueryValueKey
ZwEnumerateKey
MmMapLockedPages
IoFreeMdl
NtQuerySystemInformation
_strnicmp
memmove
IoCreateFile
NtReadFile
_except_handler3
ZwAllocateVirtualMemory
RtlFreeUnicodeString
RtlInitUnicodeString
_stricmp
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenFile
ZwReadFile
ZwQueryInformationFile
PsLookupProcessByProcessId
ZwClose
MmIsAddressValid
strstr
ExFreePool
ExAllocatePoolWithTag
KeTickCount
ZwQuerySystemInformation

hal

KfLowerIrql
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql

ndis.sys

NdisDeregisterProtocol
NdisWaitEvent
NdisAllocatePacketPool
NdisSystemProcessorCount
NdisFreePacket
NdisOpenAdapter
NdisResetEvent
NdisCloseAdapter
NdisSetEvent
NdisFreePacketPool
NdisUnchainBufferAtFront
NdisDprFreePacket
NdisAllocateBuffer
NdisDprAllocatePacket
NdisInitializeEvent
NdisAllocatePacket

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17b0b601497a949a1fe948f8fb5a41d3

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB