b6c27321edce5602cefe40b1d154a367_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6c27321edce5602cefe40b1d154a367_JaffaCakes118
Size

928KB
MD5

b6c27321edce5602cefe40b1d154a367
SHA1

86e1d9e1bd8c2797f9646bc7c284cbf8e250600d
SHA256

fe3cf5cc8e648c6eadb31d5aff5eb7546206884dd99f0cb401ca5a8fe32a763a
SHA512

b673bc8e7d2094484f6c2726f1a630edc43dc4e9b52355026772c1f75e09b0a6a572f859cbdef9f0bbc231e4c5e615c502eccfc7992fe20aac042f826aca4bf4
SSDEEP

24576:gVCcKptGAzx/l/ZyBkN0Tk8HgRDhXdekVkL1L5t:gc9yM04R1NeJ1/

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PORTTALK.SYS
unpack001/Samsung HDD Repair Tool.exe

Files

b6c27321edce5602cefe40b1d154a367_JaffaCakes118
.zip
PORTTALK.SYS
.sys windows:5 windows x86 arch:x86

a9829c217b84b04d4d54693885594f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
MmAllocateNonCachedMemory
Ke386IoSetAccessProcess
IoCreateSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
MmFreeNonCachedMemory
Ke386SetIoAccessMap
IofCompleteRequest
PsLookupProcessByProcessId

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR

Sections

.text
Size: 736B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 992B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 96B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SMPORT.VXD
Samsung HDD Repair Tool.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 4KB - Virtual size: 66.0MB

IMAGE_SCN_MEM_READ

VProtect
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VProtect
Size: 708KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VProtect
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

VProtect
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ

VProtect
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Samsung.ini

Sharing

General

Malware Config

Signatures

Files

a9829c217b84b04d4d54693885594f4e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 736B - Virtual size: 714B

.rdata Size: 160B - Virtual size: 148B

.data Size: 32B - Virtual size: 4B

INIT Size: 448B - Virtual size: 440B

.rsrc Size: 992B - Virtual size: 984B

.reloc Size: 96B - Virtual size: 82B

Headers

File Characteristics

Sections

Size: 4KB - Virtual size: 66.0MB

VProtect Size: 548KB - Virtual size: 548KB

VProtect Size: 708KB - Virtual size: 716KB

VProtect Size: 4KB - Virtual size: 4KB

VProtect Size: 12KB - Virtual size: 12KB

VProtect Size: 16KB - Virtual size: 16KB

.text
Size: 736B - Virtual size: 714B

.rdata
Size: 160B - Virtual size: 148B

.data
Size: 32B - Virtual size: 4B

INIT
Size: 448B - Virtual size: 440B

.rsrc
Size: 992B - Virtual size: 984B

.reloc
Size: 96B - Virtual size: 82B

VProtect
Size: 548KB - Virtual size: 548KB

VProtect
Size: 708KB - Virtual size: 716KB

VProtect
Size: 4KB - Virtual size: 4KB

VProtect
Size: 12KB - Virtual size: 12KB

VProtect
Size: 16KB - Virtual size: 16KB