f9e89817b5f73d733edf6b9218f6c9f2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f9e89817b5f73d733edf6b9218f6c9f2_JaffaCakes118
Size

510KB
MD5

f9e89817b5f73d733edf6b9218f6c9f2
SHA1

adb30e7557a385bc5b5de16e8061b50d60e4126a
SHA256

029a517480a5cc0b492ac1b3ecf18dda3ea6ce4bd4c141b442094c83530f2e79
SHA512

20db0088e7a1a6fee0baf0369c174726245859b4b43bde6e938481da9779cb62676e76998661b0a462f7faa3dba669617e4f8d7a16235f98853cca2a14168e43
SSDEEP

12288:G38EoFRJretUTrt6lw3Zf9l7vty0s7qjJmxZIFCH6P:GMEgRJLTrklwpf9HfsKmxomq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9e89817b5f73d733edf6b9218f6c9f2_JaffaCakes118

Files

f9e89817b5f73d733edf6b9218f6c9f2_JaffaCakes118
.sys windows:6 windows x86 arch:x86

c018222155124e4cb4e5f12e57b53e8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\drv\dist\win7\usbkbd\win7_release_obj\usbkbd.pdb

Imports

ntoskrnl.exe

ZwSetInformationFile
RtlCompareMemory
ZwReadFile
ZwWriteFile
ExAllocatePool
RtlInitUnicodeString
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlAppendUnicodeToString
memcpy
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeQueryTimeIncrement
KeTickCount
_allmul
ZwAllocateVirtualMemory
ZwOpenProcess
ZwFreeVirtualMemory
KeDelayExecutionThread
RtlCopyUnicodeString
ObReferenceObjectByHandle
ObfDereferenceObject
PsCreateSystemThread
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ZwNotifyChangeKey
KeCancelTimer
KeSetTimerEx
_wcsicmp
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
memmove
PsLookupProcessByProcessId
RtlTimeToTimeFields
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
_except_handler3
MmUnmapLockedPages
MmUnsecureVirtualMemory
ObQueryNameString
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ExUuidCreate
strstr
KeWaitForSingleObject
MmUnlockPages
MmProbeAndLockProcessPages
KeSetEvent
KeDetachProcess
KeAttachProcess
KeClearEvent
KeWaitForMultipleObjects
memset
NtAllocateVirtualMemory
KeInitializeEvent
KeInsertQueueApc
KeInitializeApc
PsLookupThreadByThreadId
PsGetCurrentThreadId
IoCreateSynchronizationEvent
KeResetEvent
MmProbeAndLockPages
MmIsAddressValid
ZwQueryInformationFile
KeAddSystemServiceTable
PsGetCurrentProcessId
ExGetPreviousMode
ExfInterlockedInsertTailList
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwDeleteKey
ZwSetValueKey
NtAddAtom
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCompareString
RtlInitString
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
IofCompleteRequest
ExfInterlockedInsertHeadList
IoDeleteDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoCreateDevice
wcsncat
IoDetachDevice
IofCallDriver
PoCallDriver
PoStartNextPowerIrp
PsTerminateSystemThread
KeReleaseMutex
KeReadStateEvent
PsSetCreateProcessNotifyRoutine
ExfInterlockedRemoveHeadList
KeSetTimer
ExRegisterCallback
ExCreateCallback
KeInitializeTimerEx
IoCreateNotificationEvent
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
ExInitializeResourceLite
InitSafeBootMode
PsGetVersion
ExIsResourceAcquiredExclusiveLite
ExAcquireResourceSharedLite
ExIsResourceAcquiredSharedLite
IoBuildDeviceIoControlRequest
ZwOpenFile
ZwWaitForSingleObject
ZwQueryDirectoryFile
ZwCreateEvent
RtlEqualUnicodeString
qsort
bsearch
ZwFsControlFile
ZwDeviceIoControlFile
ZwQueryVolumeInformationFile
ZwOpenSection
ZwCreateSection
ZwUnmapViewOfSection
ZwMapViewOfSection
IoGetDeviceObjectPointer
KeBugCheckEx
ZwCreateFile
ZwClose
wcsncpy
ExFreePoolWithTag
KeServiceDescriptorTable
ExAllocatePoolWithTag

hal

KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c018222155124e4cb4e5f12e57b53e8a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 118KB - Virtual size: 118KB

INIT Size: 4KB - Virtual size: 3KB

.rsrc Size: 201KB - Virtual size: 200KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 118KB - Virtual size: 118KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 201KB - Virtual size: 200KB

.reloc
Size: 9KB - Virtual size: 9KB