409497aad8478b1f108d2c5dbce033ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

409497aad8478b1f108d2c5dbce033ab_JaffaCakes118
Size

35KB
MD5

409497aad8478b1f108d2c5dbce033ab
SHA1

3d67313bee6910afb600943108604954ca9ad5fa
SHA256

47e60a03fff1c174edbebb6a60e48ee5a8b048f2c6c34e8ecac0ceed8ebdf8a4
SHA512

3b10ed7685693e4a1c9a5379c185203f63b7c3c2029db47a84236d73616b9d88da85f5b122d9facc0a44e91eb1e57ffd4bd3795a435c39f417af5cf61875580b
SSDEEP

768:H1JWYeCqzULBCeKZetJNaitBXSoXvJqj5kxktPH34a+EKPLWMmubC70X:VvkzQTt0yAjA8RKPaDuCAX

Score

1^/10

Malware Config

Signatures

Files

409497aad8478b1f108d2c5dbce033ab_JaffaCakes118
.sys windows:6 windows x64 arch:x64

fbc58cb89c0c086d508539e94801e854

Code Sign

d4:be:83:77:35:83:15:ab:06:17:58:54:a3:16:b9:08:ea:23:0c:87
Signer

Actual PE Digest

d4:be:83:77:35:83:15:ab:06:17:58:54:a3:16:b9:08:ea:23:0c:87

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\driver_projects\asmahci-project\ahci-ataminiport\bin\amd64\asahci.pdb

Imports

pciidex.sys

AtaPortGetPhysicalAddress
AtaPortReadRegisterUlong
AtaPortInitializeEx
AtaPortDeviceStateChange
AtaPortRegistryFreeBuffer
AtaPortGetBusData
AtaPortRegistryRead
AtaPortDebugPrint
AtaPortRegistryAllocateBuffer
AtaPortRequestCallback
AtaPortGetUnCachedExtension
AtaPortReadRegisterUchar
AtaPortNotification
AtaPortBuildRequestSenseIrb
AtaPortReleaseRequestSenseIrb
AtaPortCompleteRequest
AtaPortMoveMemory
AtaPortGetDeviceBase
AtaPortGetScatterGatherList
AtaPortStallExecution
AtaPortWriteRegisterUlong

ntoskrnl.exe

KeBugCheckEx

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 974B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbc58cb89c0c086d508539e94801e854

Code Sign

d4:be:83:77:35:83:15:ab:06:17:58:54:a3:16:b9:08:ea:23:0c:87Signer

Headers

File Characteristics

PDB Paths

Imports

pciidex.sys

ntoskrnl.exe

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 1024B - Virtual size: 836B

.data Size: 512B - Virtual size: 336B

.pdata Size: 1024B - Virtual size: 768B

INIT Size: 1024B - Virtual size: 974B

.rsrc Size: 1024B - Virtual size: 976B

d4:be:83:77:35:83:15:ab:06:17:58:54:a3:16:b9:08:ea:23:0c:87
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 1024B - Virtual size: 836B

.data
Size: 512B - Virtual size: 336B

.pdata
Size: 1024B - Virtual size: 768B

INIT
Size: 1024B - Virtual size: 974B

.rsrc
Size: 1024B - Virtual size: 976B