fe8275c0a9e7f72ca52cbf051aec2e11_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe8275c0a9e7f72ca52cbf051aec2e11_JaffaCakes118
Size

121KB
MD5

fe8275c0a9e7f72ca52cbf051aec2e11
SHA1

a9fcc6126ecd0a4dd0d37467acf57e5ccc1f7bf7
SHA256

1c837f5db6364bb3f0cedfc2be596714bd56931bf47ff790f5ec156672480a6a
SHA512

74d92d02662f982cbbc1e15b8ec7c43a4619fc81b656738a1bdba8a6b3a83d345ce5d77cce726bf9d0c0547d759fbca8a5bea91d1e9bbb4d67a8687c2868110f
SSDEEP

3072:+3LSNxya5hekhI6Jo4pA9ye+2SLGaj83wYzr1iUYcOhuJpl:4SN4AYvkzgR+gaj8pr1Lqk

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SMIDMI.SYS
unpack001/WDMI.exe

Files

fe8275c0a9e7f72ca52cbf051aec2e11_JaffaCakes118
.rar
SMIDMI.SYS
.sys windows:6 windows x86 arch:x86

11af337248dc52f308440d3895e774a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\program\bios_tools\dmitool\insyde\windows\wdmi_smi\trunk\dmiwdm\objfre_wxp_x86\i386\smidmi.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
MmFreeContiguousMemorySpecifyCache
ExFreePoolWithTag
RtlCompareMemory
MmUnmapIoSpace
ExAllocatePoolWithTag
MmMapIoSpace
MmGetPhysicalAddress
MmAllocateContiguousMemorySpecifyCache
memset
IoCreateSymbolicLink
IoCreateDevice
READ_REGISTER_BUFFER_UCHAR
MmMapLockedPagesSpecifyCache
memcpy
KeTickCount
KeBugCheckEx

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

page
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_text
Size: 128B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 662B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WDMI.exe
.exe windows:5 windows x86 arch:x86

61e8ed93cb355e6e48fd2fc34659bbb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Program\BIOS_TOOLS\DMITOOL\Insyde\Windows\WDMI_SMI\Trunk\WDMI\bin\Release\Win32\WDMI.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceA
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
SetConsoleTextAttribute
SetConsoleCursorPosition
SetFileAttributesA
GetNumberOfConsoleInputEvents
SetConsoleScreenBufferSize
GetStdHandle
GetPrivateProfileStringA
GetPrivateProfileIntA
SetConsoleMode
GetVersion
CreateFileA
CloseHandle
GetCurrentDirectoryA
lstrlenA
DeviceIoControl
GetModuleHandleA
GetProcAddress
GetCurrentProcess
ReadConsoleInputA
GetLastError
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
DeleteFileA
HeapFree
RaiseException
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
GetFileAttributesA
GetCommandLineA
HeapSetInformation
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW
GetLocaleInfoW
HeapReAlloc
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileW
SetEndOfFile
GetProcessHeap

user32

wsprintfA

advapi32

ControlService
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
DeleteService

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

11af337248dc52f308440d3895e774a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

page Size: 1KB - Virtual size: 1KB

.rdata Size: 384B - Virtual size: 278B

.data Size: 1KB - Virtual size: 1KB

_text Size: 128B - Virtual size: 45B

INIT Size: 768B - Virtual size: 662B

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 512B - Virtual size: 470B

61e8ed93cb355e6e48fd2fc34659bbb5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 163KB - Virtual size: 162KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 14KB - Virtual size: 41KB

.rsrc Size: 61KB - Virtual size: 60KB

.text
Size: 5KB - Virtual size: 5KB

page
Size: 1KB - Virtual size: 1KB

.rdata
Size: 384B - Virtual size: 278B

.data
Size: 1KB - Virtual size: 1KB

_text
Size: 128B - Virtual size: 45B

INIT
Size: 768B - Virtual size: 662B

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 470B

.text
Size: 163KB - Virtual size: 162KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 14KB - Virtual size: 41KB

.rsrc
Size: 61KB - Virtual size: 60KB