603eef886474d9fe89b4fb6cf46a7ebf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

603eef886474d9fe89b4fb6cf46a7ebf_JaffaCakes118
Size

110KB
MD5

603eef886474d9fe89b4fb6cf46a7ebf
SHA1

0190f3ec34a5db11295a2f4b0f70357fdc64157a
SHA256

3a9b0d17ff98875786a97e8e2a8871baafa651c00479ed5f54d81b8627db9dd8
SHA512

5d62c80b59a49af528567a4fe2d18b5a81dccc5910bb62c8f6c813e8544023f0aba45354c60db1cd5d5c23a398562b2d11cc0bba2245210a6cc427225720c2c7
SSDEEP

1536:sqaWNYY4FD8z9B4wilu2ohU5Du7KZxgm3hHQ/8VlMAYG1bspfrjeTg2Hax0:t/NYTlNoK5a1mtYCiGsRqHax0

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/InHelper/InHelper.exe
unpack001/InHelper/WinIo32.dll
unpack001/InHelper/WinIo32.sys

Files

603eef886474d9fe89b4fb6cf46a7ebf_JaffaCakes118
.rar
InHelper/InHelper.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
InHelper/WinIo32.dll
.dll windows:5 windows x86 arch:x86

d909a8983533a58b9141a428f9741a1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\Documents and Settings\Administrator\桌面\键盘模拟\WinIo\WinIo\Source\Dll\x86\Release\WinIo.pdb

Imports

kernel32

CloseHandle
GetProcAddress
CreateFileW
GetModuleFileNameW
GetModuleHandleW
DeviceIoControl
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
ExitProcess
WriteFile
GetStdHandle
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent

advapi32

CreateServiceW
QueryServiceConfigW
ControlService
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle

Exports

Exports

GetPhysLong
GetPortVal
InitializeWinIo
InstallWinIoDriver
MapPhysToLin
RemoveWinIoDriver
SetPhysLong
SetPortVal
ShutdownWinIo
UnmapPhysicalMemory

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InHelper/WinIo32.sys
.sys windows:6 windows x86 arch:x86

3959798ab4efb345340971991c0e777f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\winio\source\drv\i386\WinIo.pdb

Imports

ntoskrnl.exe

ZwOpenSection
ObfDereferenceObject
ZwUnmapViewOfSection
IofCompleteRequest
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
Ke386SetIoAccessMap
ObReferenceObjectByHandle
IoGetCurrentProcess
memset
memcpy
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
ZwMapViewOfSection
ZwClose
DbgPrint
RtlInitUnicodeString
IoDeleteSymbolicLink
IoDeleteDevice
Ke386IoSetAccessProcess
RtlAssert

hal

WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalTranslateBusAddress
WRITE_PORT_ULONG

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InHelper/飘荡软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: - Virtual size: 196KB

Size: 97KB - Virtual size: 100KB

d909a8983533a58b9141a428f9741a1b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 70KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

3959798ab4efb345340971991c0e777f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 224B

.data Size: 512B - Virtual size: 8B

INIT Size: 1024B - Virtual size: 862B

.reloc Size: 512B - Virtual size: 242B

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 70KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 224B

.data
Size: 512B - Virtual size: 8B

INIT
Size: 1024B - Virtual size: 862B

.reloc
Size: 512B - Virtual size: 242B