b3c8125e10ba9d1b22f4a4dcd868b9d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3c8125e10ba9d1b22f4a4dcd868b9d7_JaffaCakes118
Size

1.1MB
MD5

b3c8125e10ba9d1b22f4a4dcd868b9d7
SHA1

0724f091014a598c645ddbb5e479e5bb4a15a72f
SHA256

6e4aeef8218157ad6e6db25b38fe13ae2f6e8e10c90265373fd548c63d19dedb
SHA512

60e8245c3790141749c2c26042b6cbca468d64e2e6972b9c808eaf7e74c2e0721233f6e7aad6d104a7c972339343044bd11050685aab1f379578fce2009ac90c
SSDEEP

24576:SlLyAl7tWj1uLrMb0PQWPzzxB+/q2zivc+6KYvdswsgch0:SlukgMXvvkq2uRYvdsw+e

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/InjectorDll.exe
unpack001/RXD.dll
unpack001/RXD.sys

Files

b3c8125e10ba9d1b22f4a4dcd868b9d7_JaffaCakes118
.rar
InjectorDll.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 643KB - Virtual size: 642KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RXD.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

redxd10
redxd11
redxd12
redxd13
redxd14
redxd15
redxd16
redxd17
redxd18
redxd19
test
zenos20
zenos21
zenos22
zenos23
zenos24
zenos25
zenos26
zenos27
zenos28
zenos29
zenos30
zenos31
zenos32
zenos33
zenos34
zenos35
zenos36
zenos37
zenos38
zenos39
zenos4
zenos40
zenos41
zenos42
zenos43
zenos44
zenos45
zenos46
zenos47
zenos48
zenos49
zenos5
zenos50
zenos51
zenos52
zenos53
zenos54
zenos6
zenos7
zenos8
zenos9

Sections

CODE
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 977B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RXD.sys
.sys windows:5 windows x86 arch:x86

213b125df87e67d8c4bb8d564aa53e59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\zenose~1\dbkker~1\objfre_wxp_x86\i386\zenos.pdb

Imports

ntoskrnl.exe

KeInitializeApc
KeGetCurrentThread
ExAllocatePoolWithTag
ZwOpenProcess
IofCompleteRequest
ZwAllocateVirtualMemory
PsSetCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
ZwQuerySystemInformation
PsSetLoadImageNotifyRoutine
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
KeDetachProcess
MmGetPhysicalAddress
KeStackAttachProcess
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
ObfDereferenceObject
ZwOpenThread
ObOpenObjectByPointer
MmGetSystemRoutineAddress
KeInsertQueueApc
PsLookupProcessByProcessId
_except_handler3
IoDeleteSymbolicLink
IoDeleteDevice
KeInitializeSpinLock
KeClearEvent
IoCreateNotificationEvent
IoAllocateWorkItem
IoCreateSymbolicLink
IoCreateDevice
ZwQueryValueKey
ZwOpenKey
PsGetCurrentProcessId
RtlFreeAnsiString
RtlUpperString
RtlUnicodeStringToAnsiString
_local_unwind2
PsLookupThreadByThreadId
KeSetEvent
KeWaitForSingleObject
KeReleaseSemaphore
KeTickCount
KeBugCheckEx
KeDelayExecutionThread
ExFreePoolWithTag
RtlInitUnicodeString
DbgPrint

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver.dat

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 2.2MB - Virtual size: 2.2MB

DATA Size: 38KB - Virtual size: 37KB

BSS Size: - Virtual size: 7KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 148KB - Virtual size: 148KB

.rsrc Size: 643KB - Virtual size: 642KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 95KB - Virtual size: 94KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 1024B - Virtual size: 977B

.reloc Size: 7KB - Virtual size: 7KB

.rsrc Size: 6KB - Virtual size: 6KB

213b125df87e67d8c4bb8d564aa53e59

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 768B - Virtual size: 756B

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

CODE
Size: 2.2MB - Virtual size: 2.2MB

DATA
Size: 38KB - Virtual size: 37KB

BSS
Size: - Virtual size: 7KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 148KB - Virtual size: 148KB

.rsrc
Size: 643KB - Virtual size: 642KB

CODE
Size: 95KB - Virtual size: 94KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 1024B - Virtual size: 977B

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 768B - Virtual size: 756B

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB