4353e46155c129eea3d3532638094315_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4353e46155c129eea3d3532638094315_JaffaCakes118
Size

393KB
MD5

4353e46155c129eea3d3532638094315
SHA1

00b281bc41a148aad71cebd760d6a2a061c49019
SHA256

17d27db966a008a2a39510283db6d79abd5eff244c76de115ebb6c6a0b954fe5
SHA512

0591a9328b687df91a41827867e2f89439705737580273e7f6c30242890c66d0e80dc73135246eb8d1bc329284621382773bb64dd3535759ac724eb5ae4d7ef0
SSDEEP

6144:9D1A2bo44F15qbb9yx8FBUFBz6RRdjNhv5bqGa7gz2FVL42CTDIYWznE:9xv8ebouFBUHz6RRdwGa7XnL4DwzzE

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/SSCDUninstall.exe
unpack001/Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdbus.sys
unpack001/Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdcmnt.sys
unpack001/Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdmdfl.sys
unpack001/Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdmdm.sys
unpack001/Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdwhnt.sys
unpack001/Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/lucifer samsung v 1.03 By ArielTotoras.exe

Files

4353e46155c129eea3d3532638094315_JaffaCakes118
.rar
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/MSCOMM32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

981c4b05d92d1681a5f459ad4e52b1b8

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetCommModemStatus
WriteFile
GetCommProperties
ResetEvent
GetOverlappedResult
IsBadWritePtr
MultiByteToWideChar
Sleep
ReadFile
SetCommState
GetCommState
ClearCommError
lstrcpynA
lstrlenA
CreateThread
WaitCommEvent
GlobalUnlock
GlobalLock
GlobalAlloc
ClearCommBreak
SetCommBreak
GetVersion
GetFileAttributesA
lstrcatA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
CompareStringA
CompareStringW
lstrcmpA
CreateEventA
CreateFileA
GetLastError
SetupComm
SetCommTimeouts
SetCommMask
WaitForSingleObject
DisableThreadLibraryCalls
GlobalFree
IsDBCSLeadByte
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
lstrcpyA
EscapeCommFunction
PurgeComm

user32

ShowWindow
SetWindowRgn
PtInRect
IsDialogMessageA
GetWindowLongA
IsWindowEnabled
IsChild
GetKeyState
OffsetRect
IntersectRect
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
DestroyWindow
GetSystemMetrics
GetDlgItemInt
GetDlgItemTextA
GetDlgItem
SendMessageA
SetDlgItemInt
SetDlgItemTextA
DialogBoxParamA
wsprintfA
CreateWindowExA
SetWindowLongA
DefWindowProcA
EqualRect
GetWindowRect
GetParent
ClientToScreen
MoveWindow
GetActiveWindow
GetWindow
GetClientRect
SetFocus
BeginPaint
IsWindowVisible
EndPaint
SetParent
CheckDlgButton
SetWindowPos
CharNextA
EndDialog
LoadIconA
DrawEdge
CreateDialogIndirectParamA
PostMessageA
WinHelpA
GetNextDlgTabItem
LoadStringA
UnregisterClassA
ReleaseDC
GetDC
IsDlgButtonChecked
MessageBoxA
RegisterClipboardFormatA

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

OleCreatePropertyFrame
VariantChangeType
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
GetErrorInfo
RegisterTypeLi
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
SafeArrayGetDim
SysStringLen
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
VariantClear
SysFreeString
VariantInit
SysAllocString
CreateErrorInfo

gdi32

DeleteDC
GetWindowExtEx
GetViewportExtEx
LPtoDP
SetMapMode
CreateDCA
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/SSCDUninstall.exe
.exe windows:4 windows x86 arch:x86

269db232e9166134c0d13f2637c01367

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
CreateFileA
DeleteFileA
SetFileAttributesA
MultiByteToWideChar
SetLastError
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
InterlockedDecrement
InterlockedIncrement
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
GetWindowsDirectoryA
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcAddress
LoadLibraryA
GetLocaleInfoA
GetVersionExA
SetFilePointer
SetStdHandle
ReadFile
FlushFileBuffers
GetLocaleInfoW
GetModuleFileNameA
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
CreateMutexA
GetLastError
TlsAlloc
CloseHandle

user32

EndDialog
MessageBoxA
DialogBoxParamA
SetDlgItemTextA
SetWindowTextA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupOpenInfFileA
SetupFindFirstLineA
SetupCloseInfFile
SetupFindNextLine
SetupGetStringFieldA
SetupPromptReboot
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiOpenClassRegKeyExA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdbus.inf
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdbus.sys
.sys windows:4 windows x86 arch:x86

43926a902a57484436a9b6a5c8852900

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

IoCreateDevice
IoDeleteDevice
ObfDereferenceObject
InterlockedDecrement
KeInitializeMutex
IoAllocateDriverObjectExtension
IoGetDriverObjectExtension
KeReleaseMutex
RtlEqualUnicodeString
RtlInitUnicodeString
IoGetDeviceProperty
ExQueueWorkItem
IoInvalidateDeviceRelations
KeSetEvent
IoAttachDeviceToDeviceStack
IofCallDriver
RtlAppendUnicodeToString
ZwClose
RtlQueryRegistryValues
KeInitializeSpinLock
IoDeleteSymbolicLink
ExFreePool
ObReferenceObjectByPointer
KeWaitForSingleObject
InterlockedCompareExchange
InterlockedExchange
KeInitializeEvent
InterlockedIncrement
IoReleaseCancelSpinLock
KeCancelTimer
IoCancelIrp
MmUnlockPages
MmMapLockedPages
MmProbeAndLockPages
IoDetachDevice
IoFreeIrp
IoAllocateIrp
IoCreateUnprotectedSymbolicLink
memmove
ZwQueryValueKey
ExAllocatePoolWithTag
KeQuerySystemTime
RtlDeleteRegistryValue
ZwSetValueKey
KeResetEvent
KeSetTimer
KeInitializeDpc
KeInitializeTimer
IoInitializeIrp
KeReadStateTimer
IofCompleteRequest
RtlUnwind

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

sscdwh.sys

_MCCIWH_FindIoGetAttachedDeviceReference@4
_MCCIWH_QuerySystemVersion@4
_MCCIWH_FindPoSetPowerState@4
_MCCIWH_FindPoRequestPowerIrp@4
_MCCIWH_FindPoStartNextPowerIrp@4
_MCCIWH_FindPoCallDriver@4
_MCCIWH_FindIoOpenDeviceRegistryKey@4
_MCCIWH_FindIoSetDeviceInterfaceState@4
_MCCIWH_FindIoRegisterDeviceInterface@4

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdcmnt.sys
.sys windows:4 windows x86 arch:x86

fa5b893439c85738ba31f644a8b80916

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
KeDelayExecutionThread
ExFreePool
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoOpenDeviceRegistryKey
IoRegisterDeviceInterface
IoRegisterPlugPlayNotification
IoReportTargetDeviceChange
IoSetDeviceInterfaceState
IoGetDeviceObjectPointer
RtlInitUnicodeString
PoCallDriver
PoCancelDeviceNotify
PoRegisterDeviceForIdleDetection
PoRegisterDeviceNotify
PoRegisterSystemState
PoRequestPowerIrp
PoSetPowerState
PoSetSystemState
PoStartNextPowerIrp
PoUnregisterSystemState

Exports

Exports

_MCCICM_AddSerialDevice@8
_MCCICM_FindIoOpenDeviceRegistryKey@4
_MCCICM_FindPoCallDriver@4
_MCCICM_FindPoRequestPowerIrp@4
_MCCICM_FindPoStartNextPowerIrp@4
_MCCICM_QuerySystemVersion@4
_MCCICM_ReestablishSerialConnection@4
_MCCICM_RemoveSerialDevice@4
_MCCIWH_CreateDelayedDereferenceItem@12
_MCCIWH_FindIoGetDeviceInterfaceAlias@4
_MCCIWH_FindIoGetDeviceInterfaces@4
_MCCIWH_FindIoOpenDeviceRegistryKey@4
_MCCIWH_FindIoRegisterDeviceInterface@4
_MCCIWH_FindIoRegisterPlugPlayNotification@4
_MCCIWH_FindIoReportTargetDeviceChange@4
_MCCIWH_FindIoSetDeviceInterfaceState@4
_MCCIWH_FindPDOByDevNode@8
_MCCIWH_FindPDOByReference@20
_MCCIWH_FindPoCallDriver@4
_MCCIWH_FindPoCancelDeviceNotify@4
_MCCIWH_FindPoRegisterDeviceForIdleDetection@4
_MCCIWH_FindPoRegisterDeviceNotify@4
_MCCIWH_FindPoRegisterSystemState@4
_MCCIWH_FindPoRequestPowerIrp@4
_MCCIWH_FindPoSetDeviceBusy@4
_MCCIWH_FindPoSetPowerState@4
_MCCIWH_FindPoSetSystemState@4
_MCCIWH_FindPoStartNextPowerIrp@4
_MCCIWH_FindPoUnregisterSystemState@4
_MCCIWH_QuerySystem98Gold@0
_MCCIWH_QuerySystemVersion@4
_MCCIWH_SubmitDelayedDereferenceItem@8

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 768B - Virtual size: 768B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdmdfl.sys
.sys windows:5 windows x86 arch:x86

8164dfa1c8e852d68628784ea6be3269

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

KeInitializeEvent
IoCreateDevice
IofCallDriver
IofCompleteRequest
KeWaitForSingleObject
KeSetEvent
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
InterlockedIncrement
IoReleaseRemoveLockEx
InterlockedDecrement
ExFreePool
ZwQueryValueKey
IoAttachDeviceToDeviceStack
RtlInitUnicodeString
ZwClose
IoOpenDeviceRegistryKey
KeDelayExecutionThread
KeQueryTimeIncrement
PoCallDriver
PoStartNextPowerIrp
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeResetEvent
IoFreeIrp
IoAllocateIrp
ExAllocatePoolWithTag
IoDeleteDevice

hal

KeGetCurrentIrql

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 832B - Virtual size: 810B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 224B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdmdm.sys
.sys windows:4 windows x86 arch:x86

c2c00ec35edc18eb9e52d919dd6f3ff4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

IofCompleteRequest
KeSetTimer
IoReleaseCancelSpinLock
KeCancelTimer
KeRemoveQueueDpc
IoAcquireCancelSpinLock
IoCancelIrp
KeInsertQueueDpc
ExQueueWorkItem
RtlDeleteRegistryValue
IoInitializeIrp
KeQuerySystemTime
InterlockedDecrement
KeInitializeTimer
InterlockedExchange
InterlockedIncrement
IoCreateUnprotectedSymbolicLink
KeInitializeDpc
KeInitializeSpinLock
KeInitializeEvent
RtlWriteRegistryValue
IoDeleteSymbolicLink
KeTickCount
KeQueryTimeIncrement
KeWaitForSingleObject
KeSetEvent
RtlCompareMemory
KeClearEvent
memmove
IoAttachDeviceToDeviceStack
IofCallDriver
RtlInitUnicodeString
RtlAppendUnicodeToString
IoDeleteDevice
IoDetachDevice
ZwClose
ZwQueryValueKey
ZwSetValueKey
IoFreeIrp
IoAllocateIrp
IoCreateDevice
ObfDereferenceObject
ExAllocatePoolWithTag
KeResetEvent
KeReadStateTimer
RtlEqualUnicodeString
IoGetDeviceProperty
ObReferenceObjectByPointer
ExFreePool
RtlUnwind

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

usbd.sys

USBD_GetUSBDIVersion

sscdcm.sys

_MCCICM_RemoveSerialDevice@4
_MCCIWH_FindIoSetDeviceInterfaceState@4
_MCCICM_AddSerialDevice@8
_MCCICM_ReestablishSerialConnection@4
_MCCIWH_FindIoRegisterDeviceInterface@4
_MCCIWH_QuerySystemVersion@4
_MCCIWH_FindPoSetPowerState@4
_MCCIWH_FindPoRequestPowerIrp@4
_MCCIWH_FindPoStartNextPowerIrp@4
_MCCIWH_FindPoCallDriver@4
_MCCIWH_FindIoOpenDeviceRegistryKey@4
_MCCIWH_FindPDOByDevNode@8
_MCCIWH_FindPDOByReference@20

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdw2k.inf
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/drivers/sscdwhnt.sys
.sys windows:4 windows x86 arch:x86

6c8b2aca61a1698cacbba0b7b8f2a5b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
KeDelayExecutionThread
ExFreePool
IoGetAttachedDeviceReference
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoOpenDeviceRegistryKey
IoRegisterDeviceInterface
IoRegisterPlugPlayNotification
IoReportTargetDeviceChange
IoSetDeviceInterfaceState
IoGetDeviceObjectPointer
RtlInitUnicodeString
PoCallDriver
PoCancelDeviceNotify
PoRegisterDeviceForIdleDetection
PoRegisterDeviceNotify
PoRegisterSystemState
PoRequestPowerIrp
PoSetPowerState
PoSetSystemState
PoStartNextPowerIrp
PoUnregisterSystemState

Exports

Exports

_MCCIWH_CreateDelayedDereferenceItem@12
_MCCIWH_FindIoGetAttachedDeviceReference@4
_MCCIWH_FindIoGetDeviceInterfaceAlias@4
_MCCIWH_FindIoGetDeviceInterfaces@4
_MCCIWH_FindIoOpenDeviceRegistryKey@4
_MCCIWH_FindIoRegisterDeviceInterface@4
_MCCIWH_FindIoRegisterPlugPlayNotification@4
_MCCIWH_FindIoReportTargetDeviceChange@4
_MCCIWH_FindIoSetDeviceInterfaceState@4
_MCCIWH_FindPDOByDevNode@8
_MCCIWH_FindPDOByReference@20
_MCCIWH_FindPoCallDriver@4
_MCCIWH_FindPoCancelDeviceNotify@4
_MCCIWH_FindPoRegisterDeviceForIdleDetection@4
_MCCIWH_FindPoRegisterDeviceNotify@4
_MCCIWH_FindPoRegisterSystemState@4
_MCCIWH_FindPoRequestPowerIrp@4
_MCCIWH_FindPoSetDeviceBusy@4
_MCCIWH_FindPoSetPowerState@4
_MCCIWH_FindPoSetSystemState@4
_MCCIWH_FindPoStartNextPowerIrp@4
_MCCIWH_FindPoUnregisterSystemState@4
_MCCIWH_QuerySystem98Gold@0
_MCCIWH_QuerySystemVersion@4
_MCCIWH_SubmitDelayedDereferenceItem@8

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 832B - Virtual size: 804B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/lucifer samsung v 1.03 By ArielTotoras.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

MEW
Size: - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 313KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Lucifer_1.03 By ArielTotoras/Lucifer 1.03 By ArielTotoras/waths new.txt

Sharing

General

Malware Config

Signatures

Files

981c4b05d92d1681a5f459ad4e52b1b8

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 5KB - Virtual size: 4KB

269db232e9166134c0d13f2637c01367

Headers

File Characteristics

Imports

kernel32

user32

advapi32

setupapi

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 1KB

43926a902a57484436a9b6a5c8852900

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

sscdwh.sys

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 32B - Virtual size: 16B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 872B

.reloc Size: 1KB - Virtual size: 1KB

fa5b893439c85738ba31f644a8b80916

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.edata Size: 1KB - Virtual size: 1KB

INIT Size: 768B - Virtual size: 768B

.rsrc Size: 864B - Virtual size: 856B

.reloc Size: 128B - Virtual size: 124B

8164dfa1c8e852d68628784ea6be3269

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 256B - Virtual size: 244B

INIT Size: 832B - Virtual size: 810B

.rsrc Size: 896B - Virtual size: 888B

.reloc Size: 224B - Virtual size: 206B

c2c00ec35edc18eb9e52d919dd6f3ff4

Headers

File Characteristics

Imports

ntoskrnl.exe

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 32B - Virtual size: 16B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 872B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.edata
Size: 1KB - Virtual size: 1KB

INIT
Size: 768B - Virtual size: 768B

.rsrc
Size: 864B - Virtual size: 856B

.reloc
Size: 128B - Virtual size: 124B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 256B - Virtual size: 244B

INIT
Size: 832B - Virtual size: 810B

.rsrc
Size: 896B - Virtual size: 888B

.reloc
Size: 224B - Virtual size: 206B

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 256B - Virtual size: 228B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 832B - Virtual size: 832B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 1KB - Virtual size: 1KB

.edata
Size: 1KB - Virtual size: 1KB

INIT
Size: 832B - Virtual size: 804B

.rsrc
Size: 896B - Virtual size: 872B

.reloc
Size: 192B - Virtual size: 162B

MEW
Size: - Virtual size: 644KB

�uۊ��
Size: 313KB - Virtual size: 372KB