7f9b8249b60521789efcf7d805156155_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7f9b8249b60521789efcf7d805156155_JaffaCakes118
Size

99KB
MD5

7f9b8249b60521789efcf7d805156155
SHA1

eb070be72b0a18847f1e95c373fffcfd77c9f656
SHA256

f143967af5965416794fc8f34e71324caebb8b7181ac7ba269e11de4d497ffcf
SHA512

2271344b1eb4f6892f0ba53fa4ed4acb5baa547d475f4762fa3049e69b0bd3cbf80756185adead5ed2bcb4919358d59cafab1a4c4e24b0d1cf43b11b92b89561
SSDEEP

1536:AXE2HXCU+KZciUSRA5mcySijNiDh/xrT3ymwtogM+emn6GbWW2mu2+ueaU9iX:Ad3USGTySuNe/ZDymwtogM+emnQS

Score

1^/10

Malware Config

Signatures

Files

7f9b8249b60521789efcf7d805156155_JaffaCakes118
.sys windows:5 windows x64 arch:x64

804e9b86303201ea29f80c2eb9ef0723

Code Sign

30:10:bd:b8:26:ba:7f:5e:31:9f:42:41:3d:6d:c1:4c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

28/06/2013, 00:00

Not After

28/06/2014, 23:59

Subject

CN=Handan City Congtai District LiKang Daily Goods Department,O=Handan City Congtai District LiKang Daily Goods Department,L=Handan,ST=Hebei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:9e:7b:74:f4:c6:45:02:df:7f:80:69:a9:3b:81:3b:0a:5d:3b:06
Signer

Actual PE Digest

bb:9e:7b:74:f4:c6:45:02:df:7f:80:69:a9:3b:81:3b:0a:5d:3b:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeInitializeEvent
ExAllocatePoolWithTag
ZwClose
ObfDereferenceObject
NtBuildNumber
ObCreateObject
ObReferenceObjectByHandle
IoFileObjectType
IoCreateFile
RtlInitUnicodeString
DbgPrint
SeCreateAccessState
IoGetFileObjectGenericMapping
ExAllocatePool
_wcsnicmp
ExGetPreviousMode
PsTerminateSystemThread
_wcsicmp
MmGetSystemRoutineAddress
PsCreateSystemThread
__C_specific_handler
MmIsAddressValid
KeDelayExecutionThread
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
ZwOpenKey
ZwFlushKey
ZwCreateKey
ZwDeleteKey
ZwEnumerateKey
ZwQueryKey
ZwSetValueKey
ZwQueryValueKey
ZwEnumerateValueKey
ZwSaveKey
ZwCreateFile
ZwLoadKey
ZwUnloadKey
ZwWriteFile
ZwReadFile
ZwDeleteFile
ZwSetInformationFile
ZwQueryDirectoryObject
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
wcsrchr
RtlFreeAnsiString
IoGetRelatedDeviceObject
_strupr
RtlUnicodeStringToAnsiString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoGetCurrentProcess
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
strstr
PsGetProcessId
RtlCopyUnicodeString
ObQueryNameString
RtlCompareUnicodeString
ObRegisterCallbacks
ObGetFilterVersion
PsProcessType
wcsstr
_wcsupr
CmRegisterCallback
PsSetCreateProcessNotifyRoutineEx
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
swprintf
LdrAccessResource
LdrFindResource_U
ZwQueryInformationFile
sprintf
ZwQueryInformationProcess
ObOpenObjectByPointer
ZwOpenProcess
wcsncmp
ZwQuerySystemInformation
KeDetachProcess
KeAttachProcess
IoRegisterShutdownNotification
InitSafeBootMode
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoIsWdmVersionAvailable
IoRegisterDriverReinitialization
IoRegisterBootDriverReinitialization
IoCreateDevice
atoi
ZwLoadDriver
MmSectionObjectType
PsGetProcessImageFileName
PsLookupProcessByProcessId
wcsncpy
ZwQueryVirtualMemory
ZwQuerySection
PsReferencePrimaryToken
IoThreadToProcess
RtlCompareMemory
IoAllocateIrp
KeWaitForSingleObject
KeClearEvent
IoFreeIrp
ExFreePoolWithTag
KeBugCheckEx
strrchr
KeSetEvent

fltmgr.sys

FltParseFileNameInformation
FltWriteFile
FltReleaseFileNameInformation
FltRegisterFilter
FltStartFiltering
FltUnregisterFilter
FltGetFileNameInformation

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 833KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

804e9b86303201ea29f80c2eb9ef0723

Code Sign

30:10:bd:b8:26:ba:7f:5e:31:9f:42:41:3d:6d:c1:4cCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

bb:9e:7b:74:f4:c6:45:02:df:7f:80:69:a9:3b:81:3b:0a:5d:3b:06Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

fltmgr.sys

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 6KB - Virtual size: 833KB

.pdata Size: 3KB - Virtual size: 3KB

INIT Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

30:10:bd:b8:26:ba:7f:5e:31:9f:42:41:3d:6d:c1:4c
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

bb:9e:7b:74:f4:c6:45:02:df:7f:80:69:a9:3b:81:3b:0a:5d:3b:06
Signer

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 6KB - Virtual size: 833KB

.pdata
Size: 3KB - Virtual size: 3KB

INIT
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB