39134ee802c90fbac1e5771a3c14dc7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39134ee802c90fbac1e5771a3c14dc7a_JaffaCakes118
Size

103KB
MD5

39134ee802c90fbac1e5771a3c14dc7a
SHA1

d9ff9488e2762577a210e4d2ab0dd26ffbdba763
SHA256

59ce59b653afb8b2f3cc6baca5e6cf915176858c6b2611ff266594749ef8ffd5
SHA512

e1cf3362c46dd45925553a3d261a6f740ef5d4980c49197abac747587753d8ffe22d831a50b09970ac8a5485f6fcc925e24a7482041e00d6d657a0b36f66e10f
SSDEEP

3072:SqlyIVXX9/IwkLw9EegML593uvaRmGrz5XCRRL4TgwK0mDn:1lyIVXX9/zQtML593uvaRmOzERN4cr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39134ee802c90fbac1e5771a3c14dc7a_JaffaCakes118

Files

39134ee802c90fbac1e5771a3c14dc7a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

f36550e4506f72b1a5dc36d3b25dc21e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\bld_ide\storage\ide\rel6\busdrv\objfre\i386\nvatabus.pdb

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
ObfReferenceObject
RtlCopyUnicodeString
READ_REGISTER_USHORT
READ_REGISTER_UCHAR
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
READ_REGISTER_ULONG
KeInsertQueueDpc
KeSynchronizeExecution
MmUnmapIoSpace
MmMapIoSpace
IoFreeMdl
IoGetDeviceProperty
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
strncmp
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
ZwSetValueKey
ZwCreateKey
IoOpenDeviceRegistryKey
ExAllocatePoolWithTagPriority
IoWMIRegistrationControl
IoDisconnectInterrupt
PoSetPowerState
IoReleaseRemoveLockAndWaitEx
KeBugCheckEx
KeSetEvent
sprintf
IoConnectInterrupt
IoGetDmaAdapter
KeInitializeDpc
IoIsWdmVersionAvailable
IoQueueWorkItem
IoAllocateWorkItem
ExInterlockedPopEntrySList
RtlFreeAnsiString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoReleaseRemoveLockEx
IoAllocateIrp
MmUnlockPages
IoFreeWorkItem
IoReleaseCancelSpinLock
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
IoInvalidateDeviceRelations
ExInitializeNPagedLookasideList
IoInitializeTimer
RtlFindMostSignificantBit
RtlFindLeastSignificantBit
ExDeleteNPagedLookasideList
IoStopTimer
IoInvalidateDeviceState
wcscpy
PoRegisterDeviceForIdleDetection
IoStartTimer
MmBuildMdlForNonPagedPool
Mm64BitPhysicalAddress
IoAcquireCancelSpinLock
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInitializeDeviceQueue
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlClearAllBits
RtlInitializeBitMap
RtlFindClearBitsAndSet
RtlClearBits
PsTerminateSystemThread
KeClearEvent
ObReferenceObjectByHandle
PsCreateSystemThread
KeSetTimer
KeQuerySystemTime
KeCancelTimer
KeInitializeTimer
_except_handler3
PoRequestPowerIrp
IofCompleteRequest
ExAllocatePoolWithTag
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoInitializeRemoveLockEx
IoGetConfigurationInformation
IoCreateSymbolicLink
KeInitializeEvent
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
IofCallDriver
KeWaitForSingleObject
ObfDereferenceObject
IoDeleteSymbolicLink
IoDetachDevice
KeInitializeSpinLock
ExFreePoolWithTag
IoFreeIrp
ExInterlockedPushEntrySList

hal

KeStallExecutionProcessor
ExAcquireFastMutex
KeQueryPerformanceCounter
KeGetCurrentIrql
KeFlushWriteBuffer
KeRaiseIrqlToDpcLevel
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql
ExReleaseFastMutex
READ_PORT_ULONG
WRITE_PORT_ULONG
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_UCHAR
READ_PORT_BUFFER_USHORT
READ_PORT_BUFFER_UCHAR
WRITE_PORT_UCHAR
READ_PORT_UCHAR
READ_PORT_USHORT

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 437B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f36550e4506f72b1a5dc36d3b25dc21e

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 768B - Virtual size: 720B

.data Size: 256B - Virtual size: 228B

PAGE Size: 512B - Virtual size: 437B

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 768B - Virtual size: 720B

.data
Size: 256B - Virtual size: 228B

PAGE
Size: 512B - Virtual size: 437B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB