96f15b3142447c311ecf467e88b815c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

96f15b3142447c311ecf467e88b815c0_JaffaCakes118
Size

41KB
MD5

96f15b3142447c311ecf467e88b815c0
SHA1

f382c245970f12114bc16b70310a90325b230b49
SHA256

11793cb1d5dc2e74c9da9d6cbc0443a281b5b9ce825f72d7b8676fd79380574c
SHA512

cbacaf12dbbfbc39cdffa44ea8f4cb860073af1d108c60fce2e1de6cec8c9a19626d26e1fdd3ec9a068b3874998c379feead2d800c5d2f72cd0bb17f4397ea77
SSDEEP

768:D2OArcjRLCjYGIOy7TK7EasT3vVZg/QHu:dAQjoG8Eas4+u

Score

1^/10

Malware Config

Signatures

Files

96f15b3142447c311ecf467e88b815c0_JaffaCakes118
.sys windows:6 windows x86 arch:x86

955226fae1f76ee9fd183bdfc984e67c

Code Sign

01
Certificate

Issuer

CN=Dumhagpuu Nagiq,O=Ziws Miptepne Rohr,L=Ewoxsoiplyoy,ST=Lysqogduj,C=RU

Not Before

12/07/2015, 00:06

Not After

11/07/2016, 00:06

Subject

CN=Yysamoto Teglin,O=Ziws Miptepne Rohr,L=Ewoxsoiplyoy,ST=Lysqogduj,C=RU

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:89:24:02:92:00:1c:62:28:23:87:5d:60:b8:0e:e3:72:99:bd:3f
Signer

Actual PE Digest

0c:89:24:02:92:00:1c:62:28:23:87:5d:60:b8:0e:e3:72:99:bd:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
DbgPrint
RtlUnicodeStringToAnsiString
ZwSetInformationFile
ZwCreateFile
ZwQueryDirectoryFile
RtlFreeAnsiString
ZwDeleteFile
ZwOpenFile
IoDeleteSymbolicLink
IoDeleteDevice
KeDelayExecutionThread
IoCreateSymbolicLink
IoCreateDevice
_strnicmp
ZwCreateKey
memmove
strchr
ZwDeleteValueKey
ZwSetValueKey
ZwClose
ZwOpenKeyEx
ZwOpenProcess
KeServiceDescriptorTable
IofCompleteRequest
ZwTerminateProcess
ZwEnumerateKey
ZwOpenKey
PsSetLoadImageNotifyRoutine
RtlInitAnsiString
PsSetCreateProcessNotifyRoutine
PsRemoveLoadImageNotifyRoutine
strncmp
ExfInterlockedInsertTailList
atol
RtlAnsiStringToUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlFreeUnicodeString
ObQueryNameString
ObReferenceObjectByHandle
toupper
ObfDereferenceObject
KeBugCheckEx
ExFreePoolWithTag
ZwQueryInformationProcess
ExAllocatePoolWithTag
memcpy
memset

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

955226fae1f76ee9fd183bdfc984e67c

Code Sign

01Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

0c:89:24:02:92:00:1c:62:28:23:87:5d:60:b8:0e:e3:72:99:bd:3fSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 512B - Virtual size: 460B

.data Size: 512B - Virtual size: 152B

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

01
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

0c:89:24:02:92:00:1c:62:28:23:87:5d:60:b8:0e:e3:72:99:bd:3f
Signer

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 512B - Virtual size: 460B

.data
Size: 512B - Virtual size: 152B

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB