be713bb1f92715d30560e3932fcc06cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be713bb1f92715d30560e3932fcc06cb_JaffaCakes118
Size

15KB
MD5

be713bb1f92715d30560e3932fcc06cb
SHA1

ec41b070b2fd749c7f3f0efedd48583bbf41eff0
SHA256

6091bcf4dbff3294d19334246cd9c793cedab2ed0599ddc43707195a845fc236
SHA512

6831abeb96f4a5e7d75659e88366a90f837f427cc7ff3bfdedecb9a78230abce068538be52a28ac336e057c79e0ccf32ff07e4af10b1ea7812c5056419b69bb8
SSDEEP

384:pfxrtJy3CE9Kb05Q6q40KlPUXXmqXXaPndYJLy7:xxrtJa9aP83lcnmqnaPILA

Score

1^/10

Malware Config

Signatures

Files

be713bb1f92715d30560e3932fcc06cb_JaffaCakes118
.sys windows:6 windows x64 arch:x64

d204322a94f67c141b8f0c62ff2e482e

Code Sign

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90
Certificate

Issuer

CN=gzXW,OU=gzXW Workshop,O=gzXW Workshop

Not Before

31/12/2006, 16:00

Not After

31/12/2094, 16:00

Subject

CN=gzXW,OU=gzXW Workshop,O=gzXW Workshop

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:d2:43:a8:62:33:9e:ef:c0:f1:9c:ff:4f:79:18:95:ea:3f:73:49
Signer

Actual PE Digest

06:d2:43:a8:62:33:9e:ef:c0:f1:9c:ff:4f:79:18:95:ea:3f:73:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\server~1\mfcdev~1\virtua~1\132e6d~1.1\driver\objfre_wlh_amd64\amd64\virtual.pdb

Imports

ntoskrnl.exe

KeSetPriorityThread
PsRevertToSelf
RtlInitUnicodeString
ExInterlockedRemoveHeadList
IoDeleteDevice
ObfDereferenceObject
KeSetEvent
IoCreateDevice
swprintf
ZwQueryInformationFile
KeInitializeEvent
ZwWriteFile
ZwCreateDirectoryObject
SeTokenType
SeCreateClientSecurity
KeDelayExecutionThread
RtlFreeUnicodeString
ZwMakeTemporaryObject
ZwCreateFile
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
SeImpersonateClient
ExAllocatePool
ExInterlockedInsertTailList
PsTerminateSystemThread
ExFreePoolWithTag
ZwClose
RtlAnsiStringToUnicodeString
IofCompleteRequest
ObReferenceObjectByHandle
ZwReadFile
KeWaitForSingleObject
KeBugCheckEx

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d204322a94f67c141b8f0c62ff2e482e

Code Sign

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

06:d2:43:a8:62:33:9e:ef:c0:f1:9c:ff:4f:79:18:95:ea:3f:73:49Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 580B

.data Size: 512B - Virtual size: 280B

.pdata Size: 512B - Virtual size: 144B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 936B

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

06:d2:43:a8:62:33:9e:ef:c0:f1:9c:ff:4f:79:18:95:ea:3f:73:49
Signer

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 580B

.data
Size: 512B - Virtual size: 280B

.pdata
Size: 512B - Virtual size: 144B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 936B