788fe1bfd814ac190a0fc3dbc26089a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

788fe1bfd814ac190a0fc3dbc26089a1_JaffaCakes118
Size

1.1MB
MD5

788fe1bfd814ac190a0fc3dbc26089a1
SHA1

592da44cc86c44e71e7c185da70debca40be36d0
SHA256

c584aa18020304f01e99acf8901c267d926c9d75584d5b80423ac378a2d42d2a
SHA512

648863a245f80f4c11d0f3e2e42e388b115f5d46d8e7b82c79e9e1bb52e1512828433ae15077b97cf430b68e8d57236f0ccbc32c28e02cb46c945c9b29dd7a05
SSDEEP

24576:jnuuP74iB7mIeReZyi19fhSF914nl0yjQSG1gj6ZSBuyyqstyI0f0sJse1G//CL:57jBS7IZf195GSlrj/7dCtyI0rY/Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/InjectorDll.exe
unpack001/RXD.dll
unpack001/RXD.sys

Files

788fe1bfd814ac190a0fc3dbc26089a1_JaffaCakes118
.rar
InjectorDll.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 643KB - Virtual size: 642KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RXD.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

redxd10
redxd11
redxd12
redxd13
redxd14
redxd15
redxd16
redxd17
redxd18
redxd19
test
zenos20
zenos21
zenos22
zenos23
zenos24
zenos25
zenos26
zenos27
zenos28
zenos29
zenos30
zenos31
zenos32
zenos33
zenos34
zenos35
zenos36
zenos37
zenos38
zenos39
zenos4
zenos40
zenos41
zenos42
zenos43
zenos44
zenos45
zenos46
zenos47
zenos48
zenos49
zenos5
zenos50
zenos51
zenos52
zenos53
zenos54
zenos6
zenos7
zenos8
zenos9

Sections

CODE
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 977B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RXD.sys
.sys windows:5 windows x86 arch:x86

213b125df87e67d8c4bb8d564aa53e59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\zenose~1\dbkker~1\objfre_wxp_x86\i386\zenos.pdb

Imports

ntoskrnl.exe

KeInitializeApc
KeGetCurrentThread
ExAllocatePoolWithTag
ZwOpenProcess
IofCompleteRequest
ZwAllocateVirtualMemory
PsSetCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
ZwQuerySystemInformation
PsSetLoadImageNotifyRoutine
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
KeDetachProcess
MmGetPhysicalAddress
KeStackAttachProcess
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
ObfDereferenceObject
ZwOpenThread
ObOpenObjectByPointer
MmGetSystemRoutineAddress
KeInsertQueueApc
PsLookupProcessByProcessId
_except_handler3
IoDeleteSymbolicLink
IoDeleteDevice
KeInitializeSpinLock
KeClearEvent
IoCreateNotificationEvent
IoAllocateWorkItem
IoCreateSymbolicLink
IoCreateDevice
ZwQueryValueKey
ZwOpenKey
PsGetCurrentProcessId
RtlFreeAnsiString
RtlUpperString
RtlUnicodeStringToAnsiString
_local_unwind2
PsLookupThreadByThreadId
KeSetEvent
KeWaitForSingleObject
KeReleaseSemaphore
KeTickCount
KeBugCheckEx
KeDelayExecutionThread
ExFreePoolWithTag
RtlInitUnicodeString
DbgPrint

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver.dat

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 2.2MB - Virtual size: 2.2MB

DATA Size: 38KB - Virtual size: 37KB

BSS Size: - Virtual size: 7KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 148KB - Virtual size: 148KB

.rsrc Size: 643KB - Virtual size: 642KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 95KB - Virtual size: 94KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 1024B - Virtual size: 977B

.reloc Size: 7KB - Virtual size: 7KB

.rsrc Size: 6KB - Virtual size: 6KB

213b125df87e67d8c4bb8d564aa53e59

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 768B - Virtual size: 756B

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

CODE
Size: 2.2MB - Virtual size: 2.2MB

DATA
Size: 38KB - Virtual size: 37KB

BSS
Size: - Virtual size: 7KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 148KB - Virtual size: 148KB

.rsrc
Size: 643KB - Virtual size: 642KB

CODE
Size: 95KB - Virtual size: 94KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 1024B - Virtual size: 977B

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 768B - Virtual size: 756B

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB