7180102a47fd043cdd25d0d527c43c56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7180102a47fd043cdd25d0d527c43c56_JaffaCakes118
Size

60KB
MD5

7180102a47fd043cdd25d0d527c43c56
SHA1

705dec34df45dd80be7230152e7457bb3dd227b0
SHA256

10c54d709eb0c6b260c12e90598d3a8ba87de7ae1ed9a74e823c849faf7f4ca0
SHA512

adda7d6ec02e6456ea4eac0154a8478a104991c3529f49ec322c5c99050a9dfcb710ebe2990de2ba59786317e8d0deff363f01caa63b61c6b900a336b5ebd3b4
SSDEEP

1536:Go7kM/taRCdwv3eDEmE6L9RsxNtrMr7PgSJu1XlpQcN3hs/K:GsTuCdftsNtYrDRYQiaK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setupdrv.exe

Files

7180102a47fd043cdd25d0d527c43c56_JaffaCakes118
.zip
driver/mv2.cat
driver/mv2.dll
.dll windows:5 windows x86 arch:x86

cf30aa1dec57684bab2a6d4ee75a9479

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:2d:b7:1b:26:2b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2011, 07:27

Not After

25/01/2012, 07:27

Subject

CN=Biz Secure Labs Pvt. Ltd.,OU=Technical,O=Biz Secure Labs Pvt. Ltd.,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:98:1d:bb:c8:95:6f:0b:01:bb:27:a7:79:4d:c1:89:3c:af:70:75
Signer

Actual PE Digest

24:98:1d:bb:c8:95:6f:0b:01:bb:27:a7:79:4d:c1:89:3c:af:70:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\WinDDK\3790\src\video\displays\mv2_vncdrv\objfre_wxp_x86\i386\mv2.pdb

Imports

win32k.sys

EngFreeMem
EngAllocMem
EngModifySurface
EngCreateDeviceSurface
EngMapFile
EngDeleteFile
EngUnmapFile
EngDeleteSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngCopyBits
EngAlphaBlend
EngTransparentBlt
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngLineTo
EngStretchBltROP
EngStretchBlt
EngGradientFill
EngPlgBlt
EngDeletePalette
EngCreatePalette
PALOBJ_cGetColors

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 625B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 606B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/mv2.inf
driver/mv2.sys
.sys windows:6 windows x86 arch:x86

518167d6aeefde1975592d28cbae7110

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:2d:b7:1b:26:2b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2011, 07:27

Not After

25/01/2012, 07:27

Subject

CN=Biz Secure Labs Pvt. Ltd.,OU=Technical,O=Biz Secure Labs Pvt. Ltd.,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:e0:99:50:f2:b8:f3:87:e7:64:77:1e:71:b6:9a:bb:07:ed:73:91
Signer

Actual PE Digest

11:e0:99:50:f2:b8:f3:87:e7:64:77:1e:71:b6:9a:bb:07:ed:73:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\6000\src\video\displays\mirror\mini\objfre_wxp_x86\i386\mv2.pdb

Imports

ntoskrnl.exe

KeTickCount

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 256B - Virtual size: 188B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setupdrv.exe
.exe windows:4 windows x86 arch:x86

f4a7b11877d1f4e6c4a128894847394e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsExA
SetupDiCreateDeviceInfoListExA
SetupDiClassGuidsFromNameExA
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassA
SetupDiGetDeviceInstallParamsA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapReAlloc
VirtualAlloc
HeapSize
LocalFree
FormatMessageA
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetFullPathNameA
lstrcpynA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
SetStdHandle
LoadResource
FindResourceA
CreateThread
CreateEventA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
LockResource
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
CreateFileA
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
RaiseException
Sleep
ExitProcess
GetFileAttributesA
WriteFile
FreeEnvironmentStringsA

user32

SendMessageA
FindWindowA
CharNextA
EnumDisplayDevicesA
EnumDisplaySettingsA
GetSystemMetrics
MessageBoxA
LoadStringA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf30aa1dec57684bab2a6d4ee75a9479

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2d:b7:1b:26:2bCertificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

24:98:1d:bb:c8:95:6f:0b:01:bb:27:a7:79:4d:c1:89:3c:af:70:75Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

win32k.sys

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 640B - Virtual size: 625B

.data Size: 896B - Virtual size: 816B

INIT Size: 640B - Virtual size: 606B

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 256B - Virtual size: 254B

518167d6aeefde1975592d28cbae7110

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2d:b7:1b:26:2bCertificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

11:e0:99:50:f2:b8:f3:87:e7:64:77:1e:71:b6:9a:bb:07:ed:73:91Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

videoprt.sys

Sections

.text Size: 256B - Virtual size: 188B

.rdata Size: 256B - Virtual size: 158B

.data Size: 128B - Virtual size: 8B

INIT Size: 256B - Virtual size: 238B

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 128B - Virtual size: 46B

f4a7b11877d1f4e6c4a128894847394e

Headers

File Characteristics

Imports

version

setupapi

kernel32

user32

advapi32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 3KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

01:00:00:00:00:01:2d:b7:1b:26:2b
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

24:98:1d:bb:c8:95:6f:0b:01:bb:27:a7:79:4d:c1:89:3c:af:70:75
Signer

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 640B - Virtual size: 625B

.data
Size: 896B - Virtual size: 816B

INIT
Size: 640B - Virtual size: 606B

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 256B - Virtual size: 254B

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

01:00:00:00:00:01:2d:b7:1b:26:2b
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

11:e0:99:50:f2:b8:f3:87:e7:64:77:1e:71:b6:9a:bb:07:ed:73:91
Signer

.text
Size: 256B - Virtual size: 188B

.rdata
Size: 256B - Virtual size: 158B

.data
Size: 128B - Virtual size: 8B

INIT
Size: 256B - Virtual size: 238B

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 128B - Virtual size: 46B

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB