be500acb10f00c90f9538ca53548d0e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be500acb10f00c90f9538ca53548d0e5_JaffaCakes118
Size

2.0MB
MD5

be500acb10f00c90f9538ca53548d0e5
SHA1

c015e43aff9b200879ea5bf2e73e3002b67b824b
SHA256

a221e9a5fa8a73cdb825a2ac100fe887f71032acbce5887c302b6436c1e13cbd
SHA512

caf039c4bbf4b1adc61d4591d6bba880a347a0268857d3a8b1bb3e0ffc739ba358aae56630cc00560e4576731a13e7e72ed1d6f636af73cbf3dadf8ceb01022c
SSDEEP

49152:Qn4qkaid0eoEMaOqTRwJoYpDDExyuFpvfa2tFdbOWMCRs0EW:Qn4qpVUOFJoYFDExy6ZfaimuJl

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FreshDiagnose/FreshIO.sys
unpack001/FreshDiagnose/fbench.dll
unpack001/FreshDiagnose/fdiag.exe

Files

be500acb10f00c90f9538ca53548d0e5_JaffaCakes118
.rar
FreshDiagnose/FreshIO.sys
.sys windows:5 windows x86 arch:x86

57cd63ce7cc843656d860067b8a3c71f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

Ke386SetIoAccessMap
Ke386IoSetAccessProcess
IoGetCurrentProcess
MmMapIoSpace
MmUnmapIoSpace
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
MmFreeNonCachedMemory
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
MmAllocateNonCachedMemory

Sections

.text
Size: 608B - Virtual size: 598B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 416B - Virtual size: 396B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 96B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FreshDiagnose/FreshVxD.vxd
FreshDiagnose/PCIDEVS.TXT
FreshDiagnose/fbench.dll
.dll windows:4 windows x86 arch:x86

96abf53e78d9f07c27024c1e3b4de0aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
VirtualQuery
SetThreadPriority
SetPriorityClass
GetVersionExA
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetDiskFreeSpaceA
GetCurrentThread
GetCurrentProcess
GetCPInfo
FreeLibrary
EnumCalendarInfoA
Sleep

Exports

Exports

BenchmarkCPU
GetCPUSpeedEx

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FreshDiagnose/fdiag.chm
.chm
FreshDiagnose/fdiag.dat
FreshDiagnose/fdiag.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 78KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FreshDiagnose/license.txt
FreshDiagnose/readme.txt
FreshDiagnose/styles.dat

Sharing

General

Malware Config

Signatures

Files

57cd63ce7cc843656d860067b8a3c71f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 608B - Virtual size: 598B

.rdata Size: 160B - Virtual size: 148B

.data Size: 32B - Virtual size: 4B

INIT Size: 416B - Virtual size: 396B

.reloc Size: 96B - Virtual size: 76B

96abf53e78d9f07c27024c1e3b4de0aa

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.itext Size: 512B - Virtual size: 332B

.data Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 23KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 98B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Sections

CODE Size: 2.2MB - Virtual size: 2.2MB

DATA Size: 12KB - Virtual size: 12KB

BSS Size: - Virtual size: 78KB

.idata Size: 15KB - Virtual size: 15KB

.tls Size: - Virtual size: 36B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 127KB - Virtual size: 126KB

.rsrc Size: 850KB - Virtual size: 850KB

.text
Size: 608B - Virtual size: 598B

.rdata
Size: 160B - Virtual size: 148B

.data
Size: 32B - Virtual size: 4B

INIT
Size: 416B - Virtual size: 396B

.reloc
Size: 96B - Virtual size: 76B

.text
Size: 33KB - Virtual size: 33KB

.itext
Size: 512B - Virtual size: 332B

.data
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 98B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 3KB

CODE
Size: 2.2MB - Virtual size: 2.2MB

DATA
Size: 12KB - Virtual size: 12KB

BSS
Size: - Virtual size: 78KB

.idata
Size: 15KB - Virtual size: 15KB

.tls
Size: - Virtual size: 36B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 127KB - Virtual size: 126KB

.rsrc
Size: 850KB - Virtual size: 850KB