410778109468f4909a473c7ec155c868_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

410778109468f4909a473c7ec155c868_JaffaCakes118
Size

93KB
MD5

410778109468f4909a473c7ec155c868
SHA1

690eddcb772f1be0b480246cd252eb198597d894
SHA256

334ea038da3950c0a044f61d93660bbcebed1fc7d561f28fca84b8eead37779e
SHA512

d391f0d73aedef20770de0f204abe05d1956dcd8eb36ed14d2ffc377d20320e35eeba947d1936690501e66061f882ada31769b76d7f2edcbe501cbc378983f8d
SSDEEP

1536:F+FpBGKbbH76LKeqKBx9G02a+wauCex0s1yPE2FKEVCWu85O/4rMnXz6pUDISYXN:YFpBGKbbHGLK2Bx9G02iauC+1ynDtOQR

Score

1^/10

Malware Config

Signatures

Files

410778109468f4909a473c7ec155c868_JaffaCakes118
.sys windows:6 windows x64 arch:x64

c256359622ee3d7bd9576fcfc5216a5d

Code Sign

3d:78:65:82:0b:60:e7:7f:be:9b:dc:b8:61:05:49:ea
Certificate

Issuer

CN=Lomyjaseaqilu

Not Before

17/07/2015, 04:28

Not After

31/12/2039, 23:59

Subject

CN=Lomyjaseaqilu

5b:3c:b3:fc:8e:85:fd:07:58:c8:6a:56:93:40:e6:b1:e0:26:3f:b1
Signer

Actual PE Digest

5b:3c:b3:fc:8e:85:fd:07:58:c8:6a:56:93:40:e6:b1:e0:26:3f:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\fifteen\recap.pdb

Imports

ntoskrnl.exe

FsRtlResetLargeMcb
ExWaitForRundownProtectionRelease
ExAcquireRundownProtection
ExAllocatePoolWithTag
KeQueryActiveProcessors
RtlNumberGenericTableElements
RtlConvertSidToUnicodeString
RtlCaptureContext
ExFreePoolWithTag
PfxInitialize
IoSetHardErrorOrVerifyDevice
PsGetProcessCreateTimeQuadPart
ExReleaseRundownProtection
KeInitializeMutant
RtlInitializeBitMap
RtlNumberGenericTableElementsAvl
RtlSetGroupSecurityDescriptor
ExInitializeRundownProtection
ExConvertExclusiveToSharedLite
FsRtlInitializeTunnelCache
MmGetVirtualForPhysical
RtlGetGroupSecurityDescriptor
KeReadStateMutant
RtlValidRelativeSecurityDescriptor
RtlIsGenericTableEmptyAvl
IoGetDeviceToVerify
RtlAreBitsSet
RtlLengthSecurityDescriptor
FsRtlIsTotalDeviceFailure
SeRegisterLogonSessionTerminatedRoutine
PsIsThreadTerminating
RtlNtStatusToDosErrorNoTeb
ExRundownCompleted
RtlEnumerateGenericTableAvl
FsRtlNormalizeNtstatus
RtlEnumerateGenericTable
ExDeleteResourceLite
ExReInitializeRundownProtection
IoInitializeRemoveLockEx
ExInitializeResourceLite
RtlSubAuthorityCountSid
FsRtlIsNtstatusExpected
RtlUpcaseUnicodeChar
RtlEnumerateGenericTableWithoutSplaying
SeTokenType
RtlAreBitsClear
KeBugCheckEx
__C_specific_handler
_local_unwind

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c256359622ee3d7bd9576fcfc5216a5d

Code Sign

3d:78:65:82:0b:60:e7:7f:be:9b:dc:b8:61:05:49:eaCertificate

5b:3c:b3:fc:8e:85:fd:07:58:c8:6a:56:93:40:e6:b1:e0:26:3f:b1Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 19KB - Virtual size: 19KB

.pdata Size: 512B - Virtual size: 384B

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 412B

3d:78:65:82:0b:60:e7:7f:be:9b:dc:b8:61:05:49:ea
Certificate

5b:3c:b3:fc:8e:85:fd:07:58:c8:6a:56:93:40:e6:b1:e0:26:3f:b1
Signer

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 19KB - Virtual size: 19KB

.pdata
Size: 512B - Virtual size: 384B

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 412B