65f6850e1200329394594f3ccb3477f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

65f6850e1200329394594f3ccb3477f3_JaffaCakes118
Size

28KB
MD5

65f6850e1200329394594f3ccb3477f3
SHA1

67541ebdcad7823fa5787bb9e1ed68152fbfccc9
SHA256

455987afec0d0bd0114af6c76a9aee13cc4715a4fa9af5c9dd616824bd4bcc6d
SHA512

7257bc4545fd48e36ba0ee1c5b12a363ba8e2affcf705c60200f080a28b9c1994b0f74162500bf8004c23872dd6af8ddbf7160ffd441e4aaf38967efcb097faa
SSDEEP

384:vu6113/1+5mbbzCrkH8eUsvVuDNOHKcIlUeqqwTIIFgL9B0pp70/CvGcopPxN5R:vuIbfhvV+MqFfsFEBravGco1xNT

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/migbot/migloader/MIGBOT.sys
unpack001/migbot/migloader/Release/migloader.exe

Files

65f6850e1200329394594f3ccb3477f3_JaffaCakes118
.zip
migbot/ReadmeNow.txt
migbot/migdriver/MAKEFILE
migbot/migdriver/SOURCES
migbot/migdriver/migsys.c
migbot/migdriver/update.bat
migbot/migloader/MIGBOT.sys
.sys windows:5 windows x86 arch:x86

f1ebfdb5184c8fb36636e611d243e6ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\VICE\migbot\migdriver\objchk_w2k\i386\MIGBOT.pdb

Imports

ntoskrnl.exe

NtDeviceIoControlFile
SeAccessCheck
ExAllocatePoolWithTag
DbgPrint

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 150B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
migbot/migloader/Release/migloader.exe
.exe windows:4 windows x86 arch:x86

d3b63cc658eb267fde62975efc4ae9e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
FindResourceA
LoadResource
WriteFile
SizeofResource
GetProcAddress
LockResource
GetModuleHandleA
CloseHandle
HeapAlloc
HeapFree
WideCharToMultiByte
ExitProcess
GetStdHandle
TerminateProcess
GetCurrentProcess
VirtualFree
VirtualAlloc
HeapReAlloc
GetLastError
FlushFileBuffers
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetStdHandle
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo

Sections

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
migbot/migloader/main.cpp
migbot/migloader/migloader.rc
migbot/migloader/migloader.sln
migbot/migloader/migloader.suo
migbot/migloader/migloader.vcproj
.xml
migbot/migloader/resource.h

Sharing

General

Malware Config

Signatures

Files

f1ebfdb5184c8fb36636e611d243e6ff

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 256B - Virtual size: 136B

INIT Size: 256B - Virtual size: 150B

.reloc Size: 128B - Virtual size: 50B

d3b63cc658eb267fde62975efc4ae9e9

Headers

File Characteristics

Imports

kernel32

Sections

.data Size: 28KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 256B - Virtual size: 136B

INIT
Size: 256B - Virtual size: 150B

.reloc
Size: 128B - Virtual size: 50B

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 2KB