c0dab0f8deff46565e5f266766689d39_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0dab0f8deff46565e5f266766689d39_JaffaCakes118
Size

48KB
MD5

c0dab0f8deff46565e5f266766689d39
SHA1

693f60f38cafdec9b6474db08bb26ddd638554d6
SHA256

097379d5a0e2d516d585611e9e6a9805617ed67ef9adf14b1ee9e44ce0f64eae
SHA512

4952319227a26d1d30f1a36bfa4e01e345d91b0500069710ab7cfa4e41d2c38c6c210aef04403e097972c01247359d879e5e0f961a197cc4d31cd29b51fb4625
SSDEEP

768:DtOvlVXLXLp8AO6FPSYIvIyJCwh5lKe4ExHtq6Cbf2Q+IRNJ4r6MZ:DtY3HVaxdHoUqNJ4r6C

Score

1^/10

Malware Config

Signatures

Files

c0dab0f8deff46565e5f266766689d39_JaffaCakes118
.sys windows:10 windows x64 arch:x64

7ad0d97401581eb1f977a80d78ebc4b6

Code Sign

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/05/2014, 00:00

Not After

16/05/2015, 23:59

Subject

CN=Beijing JoinHope Image Technology Ltd.,O=Beijing JoinHope Image Technology Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:fc:4e:06:5a:09:ec:cd:86:32:5d:b0:ee:c9:74:98:fd:3e:73:35
Signer

Actual PE Digest

9b:fc:4e:06:5a:09:ec:cd:86:32:5d:b0:ee:c9:74:98:fd:3e:73:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\驱动\LookFile\KMDF_LOOK\Release\KMDF_LOOK_64.pdb

Imports

fltmgr.sys

FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltGetRequestorProcessId

ntoskrnl.exe

ExFreePoolWithTag
MmGetSystemRoutineAddress
PsGetVersion
ObfDereferenceObject
ZwClose
ZwOpenProcess
PsLookupProcessByProcessId
ZwQueryInformationProcess
PsGetProcessImageFileName
RtlIntegerToUnicodeString
RtlFreeUnicodeString
ZwCreateKey
ZwOpenKey
ZwSetValueKey
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
IoAllocateIrp
IofCallDriver
IoCreateFile
IoFreeIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
__C_specific_handler
KeDelayExecutionThread
RtlCopyUnicodeString
RtlFreeAnsiString
DbgPrint
ExAllocatePoolWithTag
CmUnRegisterCallback
PsCreateSystemThread
PsTerminateSystemThread
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
ZwCreateFile
ZwWriteFile
MmIsAddressValid
PsSetCreateProcessNotifyRoutine
PsSetCreateProcessNotifyRoutineEx
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
KeStackAttachProcess
KeUnstackDetachProcess
PsGetProcessInheritedFromUniqueProcessId
PsThreadType
RtlUpcaseUnicodeChar
RtlRaiseException
KeBugCheckEx
ExAllocatePool
RtlEqualUnicodeString
RtlInitUnicodeString
ExFreePool
IoFileObjectType

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 591B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ad0d97401581eb1f977a80d78ebc4b6

Code Sign

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7cCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

9b:fc:4e:06:5a:09:ec:cd:86:32:5d:b0:ee:c9:74:98:fd:3e:73:35Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fltmgr.sys

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 10KB - Virtual size: 28KB

.pdata Size: 1024B - Virtual size: 936B

PAGE Size: 1024B - Virtual size: 591B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 68B

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7c
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9b:fc:4e:06:5a:09:ec:cd:86:32:5d:b0:ee:c9:74:98:fd:3e:73:35
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 10KB - Virtual size: 28KB

.pdata
Size: 1024B - Virtual size: 936B

PAGE
Size: 1024B - Virtual size: 591B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 68B