dae6b9b3b8e39b08b10a51a6457444d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dae6b9b3b8e39b08b10a51a6457444d8_JaffaCakes118
Size

20KB
MD5

dae6b9b3b8e39b08b10a51a6457444d8
SHA1

3ee5e964f0a751e93a2a56f7d09a8154182b6056
SHA256

9e14bc163a69b76ae649ee385e8d02bbe9486e98c818b56b09d94f31c89158ad
SHA512

e4dbe2b83e641c3f7679baf3e4d86f697f2d355dd569516deccfdc849f7626fc5a90b24fa58eea1d03993a7c680c108215625fd5ffe94f14e29230876d8c3164
SSDEEP

384:ivHBSlFTL93eIHV/wo6yVeQErp1WNU/wWWWf8e7xnfjt:iZSlxUIHV/wUeQErSNU/ee7T

Score

1^/10

Malware Config

Signatures

Files

dae6b9b3b8e39b08b10a51a6457444d8_JaffaCakes118
.sys windows:6 windows x86 arch:x86

8e9346171b0accc7527380c89ac2563f

Code Sign

58:67:3a:70:dc:0d:e7:b2:42:56:03:aa:7f:c9:2b:52
Certificate

Issuer

CN=Microsoft Certificate Authority

Not Before

31/12/2009, 16:00

Not After

30/12/2035, 16:00

Subject

CN=Microsoft Certificate Authority

83:74:bf:3a:11:34:59:70:21:b9:c5:95:4f:ae:94:ad:5a:f0:7a:69
Signer

Actual PE Digest

83:74:bf:3a:11:34:59:70:21:b9:c5:95:4f:ae:94:ad:5a:f0:7a:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeDelayExecutionThread
_allmul
PsGetVersion
MmGetSystemRoutineAddress
memset
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmIsAddressValid
memcpy
IoGetCurrentProcess
ZwOpenEvent
KeStackAttachProcess
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
IoGetDeviceObjectPointer
wcsncpy
ExAllocatePool
ObQueryNameString
ObReferenceObjectByHandle
ZwQueryValueKey
_wcsnicmp
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwSaveKey
KeTickCount
KeBugCheckEx
ZwCreateEvent
KeUnstackDetachProcess
ZwClose
RtlUnwind

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e9346171b0accc7527380c89ac2563f

Code Sign

58:67:3a:70:dc:0d:e7:b2:42:56:03:aa:7f:c9:2b:52Certificate

83:74:bf:3a:11:34:59:70:21:b9:c5:95:4f:ae:94:ad:5a:f0:7a:69Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 64B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 2KB - Virtual size: 1KB

58:67:3a:70:dc:0d:e7:b2:42:56:03:aa:7f:c9:2b:52
Certificate

83:74:bf:3a:11:34:59:70:21:b9:c5:95:4f:ae:94:ad:5a:f0:7a:69
Signer

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 64B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 2KB - Virtual size: 1KB