75db0c9d191c46ca9f44cd51de3bdb66_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

75db0c9d191c46ca9f44cd51de3bdb66_JaffaCakes118
Size

181KB
MD5

75db0c9d191c46ca9f44cd51de3bdb66
SHA1

696fa6104f998dc23198c02496e660f2f343f24a
SHA256

4ab1474d4b93cab5fba7415384343f4ccefc21bec1c496c058adc1655f9285c0
SHA512

afa7662c86c3f2b43f3de4b34214a8a1c610e54c5179434e1f8de1ecb5b981c205ba8d611f7c19a2e34a3ea22ed5d647a2af9d515d70e6a90467433ecada8f9b
SSDEEP

3072:GFClE0Ph4b3sFkb2U9oOQqb9IcFsN+msn8REcitf0+R3TKEUw1eR:QClEcWb3sGb2wQq18REztfDRDEO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75db0c9d191c46ca9f44cd51de3bdb66_JaffaCakes118

Files

75db0c9d191c46ca9f44cd51de3bdb66_JaffaCakes118
.sys windows:6 windows x86 arch:x86

6e3af75e02479939ca8c95803af0a864

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

netbt.pdb

Imports

ntoskrnl.exe

RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlOemStringToUnicodeString
RtlInitString
MmMapLockedPagesSpecifyCache
RtlAppendStringToString
RtlInitAnsiString
strchr
ExDeleteNPagedLookasideList
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
KeCancelTimer
ZwClose
ZwCancelTimer
ZwSetTimer
ZwCreateTimer
_aulldiv
_allmul
IofCallDriver
IoBuildDeviceIoControlRequest
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
KeSetTimer
KeInitializeDpc
KeInitializeTimer
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IoDeleteDevice
KeDelayExecutionThread
KeClearEvent
ExDeleteResourceLite
IoGetRelatedDeviceObject
RtlCopyUnicodeString
memchr
ZwReadFile
ZwQueryInformationFile
KeEnterCriticalRegion
ZwCreateFile
IoRemoveShareAccess
IofCompleteRequest
IoSetShareAccess
IoCheckShareAccess
SeAccessCheck
ObReferenceObjectByHandle
NtWaitForSingleObject
ZwDeviceIoControlFile
ZwCreateEvent
ZwCreateKey
ExfInterlockedPushEntryList
ExQueueWorkItem
IoFreeWorkItem
IoCancelIrp
IoFileObjectType
MmUserProbeAddress
IoQueueWorkItem
IoAllocateWorkItem
KeInsertQueueDpc
RtlCompareUnicodeString
_vsnprintf
RtlExtendedMagicDivide
MmBuildMdlForNonPagedPool
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlGUIDFromString
RtlIpv4AddressToStringW
RtlAppendUnicodeToString
ZwOpenKey
ZwQueryValueKey
memmove
IoBuildPartialMdl
MmUnmapLockedPages
MmLockPagableDataSection
KeTickCount
KeBugCheckEx
RtlUnwind
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
strncmp
memset
memcpy
IoFreeIrp
IoAllocateIrp
RtlIpv4StringToAddressA
SeDeassignSecurity
_alldiv
RtlGetCallersAddress
RtlExtendedLargeIntegerDivide
KeInitializeSemaphore
IoAllocateMdl
ExfInterlockedInsertHeadList
PsGetCurrentProcess
KeAttachProcess
KeDetachProcess
ExfInterlockedInsertTailList
ObfDereferenceObject
IoFreeMdl
KeWaitForSingleObject
KeResetEvent
KeSetEvent
_stricmp
KeGetCurrentThread
ExSystemTimeToLocalTime
KeInitializeEvent
strrchr
ExInitializeResourceLite
RtlGetVersion
RtlCompareMemory
KeQuerySystemTime
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoAcquireCancelSpinLock
SeAssignSecurity
IoReleaseCancelSpinLock
ExAllocatePoolWithTag
RtlFreeUnicodeString
ExFreePoolWithTag
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwSetValueKey

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KfReleaseSpinLock

tdi.sys

TdiEnumerateAddresses
TdiPnPPowerComplete
TdiDeregisterNetAddress
TdiDeregisterDeviceObject
TdiRegisterDeviceObject
TdiRegisterNetAddress
TdiProviderReady
TdiInitialize
TdiRegisterProvider
TdiRegisterPnPHandlers
TdiMapUserRequest
TdiDeregisterPnPHandlers
TdiDeregisterProvider
TdiDefaultRcvExpeditedHandler
TdiDefaultConnectHandler
TdiDefaultDisconnectHandler
TdiDefaultErrorHandler
TdiDefaultReceiveHandler
TdiDefaultSendPossibleHandler
TdiCopyMdlToBuffer
TdiCopyBufferToMdl
TdiDefaultRcvDatagramHandler
TdiBuildNetbiosAddress
TdiPnPPowerRequest

netio.sys

NsiRegisterChangeNotification
NsiGetParameter
NsiAllocateAndGetTable
NsiFreeTable
NsiSetAllParameters
NsiGetAllParameters
NsiDeregisterChangeNotification

ndis.sys

NdisGetThreadObjectCompartmentId
NdisSetThreadObjectCompartmentId

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGENBT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e3af75e02479939ca8c95803af0a864

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

tdi.sys

netio.sys

ndis.sys

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 3KB

PAGE Size: 36KB - Virtual size: 35KB

PAGENBT Size: 2KB - Virtual size: 1KB

INIT Size: 7KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 3KB

PAGE
Size: 36KB - Virtual size: 35KB

PAGENBT
Size: 2KB - Virtual size: 1KB

INIT
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 9KB - Virtual size: 9KB