69229359833bb284389e885e50895935_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

69229359833bb284389e885e50895935_JaffaCakes118
Size

123KB
MD5

69229359833bb284389e885e50895935
SHA1

8d46736e9c59206ca931ed986ca8118a6fda4fe6
SHA256

1c7fe3e318fca70ba656a1ef32eb6b0350a4eabbbe5e8e5ec6019a742c0b6c49
SHA512

55eef89a99d3eca41a82cf82bc9f1cdd32545fbacaee3d1ac5aab66b9317d8e0323f8b35c5d89a475034e60b16dbdc968f84c749859533e75f80ad25dcbcd4f4
SSDEEP

3072:8v7uaw95lQM5SBuTiaLMN+odQdhkMvlL3b/QGh:qdw95lQS2jHaGGh

Score

1^/10

Malware Config

Signatures

Files

69229359833bb284389e885e50895935_JaffaCakes118
.sys windows:4 windows x86 arch:x86

edaf1008a4f4cc2093cc5f1dc229a697

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:29:23:61:30:8d:9a:b6:26:35:b4:dc:de:2a:7a:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13/12/2007, 00:00

Not After

12/12/2008, 23:59

Subject

CN=INTER CHINA NETWORK SOFTWARE (BEIJING) CO.\, LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security,O=INTER CHINA NETWORK SOFTWARE (BEIJING) CO.\, LTD,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwDeleteKey
ZwOpenKey
ExFreePool
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
KeServiceDescriptorTable
MmIsAddressValid
_except_handler3
wcscpy
ZwQueryValueKey
memset
ZwReadFile
ZwClose
ZwQueryInformationFile
ZwOpenFile
memcpy
ZwWriteFile
ZwCreateFile
wcscat
PsGetVersion
MmGetSystemRoutineAddress
strncmp
strlen
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
ZwUnmapViewOfSection
IoDeleteSymbolicLink
IofCompleteRequest
strcpy
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
KeSetEvent
PsTerminateSystemThread
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ZwOpenProcess
ObfDereferenceObject
PsLookupProcessByProcessId

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edaf1008a4f4cc2093cc5f1dc229a697

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2a:29:23:61:30:8d:9a:b6:26:35:b4:dc:de:2a:7a:3eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 804B

.data Size: 512B - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 552B

.reloc Size: 1024B - Virtual size: 722B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:29:23:61:30:8d:9a:b6:26:35:b4:dc:de:2a:7a:3e
Certificate

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 804B

.data
Size: 512B - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 552B

.reloc
Size: 1024B - Virtual size: 722B