c971e9a5c57fcd24419b8a358c6330c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c971e9a5c57fcd24419b8a358c6330c9_JaffaCakes118
Size

33KB
MD5

c971e9a5c57fcd24419b8a358c6330c9
SHA1

9380a86ca833c35cc53685d411fd94d72e82cc70
SHA256

c5503b6a443d4a30bb3c7ab7586c10b637d4830f57be0151f3d2be235ba2b694
SHA512

8ace837c243c1f685c5509ed1c6fb28014ca01e5ae794bb1830a6ded43915e679056f273560a05c308ecf5b749b902768edb3bcc033e229520ac38e003c1ce65
SSDEEP

768:rOLkoULRG1NbIb9wbEPaeSKifXxKQ/ycVUcHjCRhdVDA:rOQVG1NUBwCfSz3qNTRhdO

Score

1^/10

Malware Config

Signatures

Files

c971e9a5c57fcd24419b8a358c6330c9_JaffaCakes118
.sys windows:5 windows x86 arch:x86

9fae0d13ba6ea9331179dd6e8ab1c19d

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

40:7d:5f:64:1f:b1:e3:71:2c:a9:7e:98:d6:8a:f0:cb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/08/2007, 00:00

Not After

20/08/2008, 23:59

Subject

CN=Malwarebytes,O=Malwarebytes,POSTALCODE=60106,STREET=147 Henderson St.,L=Bensenville,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cf:2b:32:e2:1f:85:26:87:b1:e0:82:bd:b1:e8:06:ad:a9:74:f1:2f
Signer

Actual PE Digest

cf:2b:32:e2:1f:85:26:87:b1:e0:82:bd:b1:e8:06:ad:a9:74:f1:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\projects\cpp\gmer\catchme.sys\objfre_wxp_x86\i386\catchme.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
_except_handler3
ExAllocatePoolWithTag
MmMapLockedPages
_wcsicmp
MmIsAddressValid
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
PsLookupProcessByProcessId
KeDetachProcess
KeAttachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
PsGetCurrentProcessId
IofCompleteRequest
wcscpy
IoCreateSymbolicLink
IoCreateDevice
_snwprintf
wcsrchr
PsGetVersion
wcslen
wcsncpy
RtlCompareUnicodeString
_wcsnicmp
ZwClose
IoGetBaseFileSystemDeviceObject
ZwOpenFile
ZwDeleteFile
ZwCreateFile
KeTickCount
ZwReadFile
ZwQueryInformationFile
ZwWriteFile
strncpy
NtClose
ZwSetInformationFile
strncmp
IoGetCurrentProcess
_stricmp
ZwQuerySystemInformation
MmGetSystemRoutineAddress
KeDelayExecutionThread
KeWaitForSingleObject
RtlVolumeDeviceToDosName
ObfReferenceObject
IoGetDeviceObjectPointer
wcschr
wcsncmp
KeGetCurrentThread
KeBugCheckEx

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fae0d13ba6ea9331179dd6e8ab1c19d

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

40:7d:5f:64:1f:b1:e3:71:2c:a9:7e:98:d6:8a:f0:cbCertificate

Extended Key Usages

Key Usages

cf:2b:32:e2:1f:85:26:87:b1:e0:82:bd:b1:e8:06:ad:a9:74:f1:2fSigner

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

40:7d:5f:64:1f:b1:e3:71:2c:a9:7e:98:d6:8a:f0:cb
Certificate

cf:2b:32:e2:1f:85:26:87:b1:e0:82:bd:b1:e8:06:ad:a9:74:f1:2f
Signer

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB