a02acad0508d6ebdbf40da268324571d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a02acad0508d6ebdbf40da268324571d_JaffaCakes118
Size

21KB
MD5

a02acad0508d6ebdbf40da268324571d
SHA1

fc44090fe550d6b04f610602c6bbce9bf5bbf4d2
SHA256

1b61667ac435b101cdd68d7bd3670608fc6d374ac77746585b26e9b3064789f9
SHA512

2df296f8e7326b4e62976e0c9d70e3b59bed226d2306c1cd508099172f0d4890decddfc7bc065b21530c7a4a69d401afb00ed9c9c6c4882d878ca1f31efc9257
SSDEEP

384:BfO/0IJ4zfKUpKixTY1Lxdv5A+Ux0Nn0KqgHAQ7ycdVIiaXk83:NOcIJ4TKrm01L/5P0o09QG0VIiaXkQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/usr/share/windows/grabitall/EthDrv.sys
unpack002/usr/share/windows/grabitall/grabitall.exe

Files

a02acad0508d6ebdbf40da268324571d_JaffaCakes118
.xz
a02acad0508d6ebdbf40da268324571d_JaffaCakes118
.tar
.BUILDINFO
.MTREE
.gz
.MTREE
.PKGINFO
usr/share/windows/grabitall/EthDrv.inf
usr/share/windows/grabitall/EthDrv.sys
.sys windows:5 windows x86 arch:x86

b9e0686185d6b5bbd9e81cf55eaed5bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedIncrement
IoCreateDevice
InterlockedDecrement
ExAllocatePoolWithTag
swprintf
ExFreePool
InterlockedExchange
ExfInterlockedInsertTailList
IofCompleteRequest
KeInitializeSpinLock
RtlInitUnicodeString
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoDeleteDevice

hal

KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisFreePacket
NdisAllocatePacket
NdisResetEvent
NdisCloseAdapter
NdisFreeMemory
NdisAllocatePacketPool
NdisInitializeEvent
NdisOpenAdapter
NdisWaitEvent
NdisFreePacketPool
NdisDeregisterProtocol
NdisSetEvent
NdisRegisterProtocol
NdisQueryAdapterInstanceName

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 888B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 352B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
usr/share/windows/grabitall/grabitall.exe
.exe windows:4 windows x86 arch:x86

03b5b99d4e43460eb2c40835effbb750

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GetLastError
MultiByteToWideChar
CreateEventW
WriteFile
DeviceIoControl
GetOverlappedResult
CreateFileW
VirtualAlloc
Sleep
GetCommandLineA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LCMapStringA
GetStringTypeW
LCMapStringW
LoadLibraryA
GetProcAddress
GetStringTypeA
GetACP
GetCPInfo
ExitProcess
TerminateProcess
GetCurrentProcess
CloseHandle
GetVersion
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
VirtualFree
GetOEMCP
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
SetFilePointer
ReadFile
SetStdHandle
HeapReAlloc

advapi32

OpenSCManagerW
CloseServiceHandle
StartServiceW
QueryServiceStatus
OpenServiceW
RegSetValueExW
RegCloseKey
RegOpenKeyW

iphlpapi

GetAdaptersInfo
GetIpNetTable

wsock32

socket
ioctlsocket
WSAStartup
WSACleanup
sendto
closesocket

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9e0686185d6b5bbd9e81cf55eaed5bd

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 256B - Virtual size: 228B

.data Size: 32B - Virtual size: 24B

INIT Size: 896B - Virtual size: 888B

.reloc Size: 352B - Virtual size: 346B

03b5b99d4e43460eb2c40835effbb750

Headers

File Characteristics

Imports

kernel32

advapi32

iphlpapi

wsock32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 36KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 256B - Virtual size: 228B

.data
Size: 32B - Virtual size: 24B

INIT
Size: 896B - Virtual size: 888B

.reloc
Size: 352B - Virtual size: 346B

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 36KB