076ef1023818dcd01cc2f8b8fafe41b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

076ef1023818dcd01cc2f8b8fafe41b2_JaffaCakes118
Size

182KB
MD5

076ef1023818dcd01cc2f8b8fafe41b2
SHA1

103ac4c6799db2b4ea691af3b5001de58d9d5f70
SHA256

b1b0ff8647b24dcd6b0f91b6f9d6cfadb3262277e6309b4705fd513e331bcf46
SHA512

42ca4e4e24143407e96acc82a83bdd235123bfc65ff2ce521423d54b8f08610e4a7380b355f5ee7e23f722dbcf89798dd04fd54bbd82318e4d7a20512939cef0
SSDEEP

3072:20elPo1udYX+nNWl9/n+d+ueOUdAVEeTge0LeKYhrWrXFwyBJ3g3exq8wvG06Mu4:20EPPGX+nNAMCOSAVEeULyWrmyj3g3Ss

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Martech_box_III_drivers/MRT_box2.dll
unpack001/Martech_box_III_drivers/MRT_box2.sys
unpack001/Martech_box_III_drivers/MRTboxun.exe

Files

076ef1023818dcd01cc2f8b8fafe41b2_JaffaCakes118
.zip
Martech_box_III_drivers/MRT_box2.dll
.dll windows:4 windows x86 arch:x86

cb99f64eeaefc5e759585f9cc619ed0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
CreateFileA
GetLastError
CloseHandle
ReadFile
WriteFile
GetOverlappedResult
CancelIo
SetLastError
TlsGetValue
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
DeleteCriticalSection
ExitProcess
RtlUnwind
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
DeviceIoControl
TlsSetValue
TlsAlloc
TlsFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

Exports

Exports

FT_Close
FT_ClrDtr
FT_ClrRts
FT_CreateDeviceInfoList
FT_CyclePort
FT_EE_Program
FT_EE_ProgramEx
FT_EE_Read
FT_EE_ReadEx
FT_EE_UARead
FT_EE_UASize
FT_EE_UAWrite
FT_EraseEE
FT_GetBitMode
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetEventStatus
FT_GetLatencyTimer
FT_GetModemStatus
FT_GetQueueStatus
FT_GetStatus
FT_IoCtl
FT_ListDevices
FT_Open
FT_OpenEx
FT_Purge
FT_Read
FT_ReadEE
FT_ResetDevice
FT_ResetPort
FT_RestartInTask
FT_SetBaudRate
FT_SetBitMode
FT_SetBreakOff
FT_SetBreakOn
FT_SetChars
FT_SetDataCharacteristics
FT_SetDivisor
FT_SetDtr
FT_SetEventNotification
FT_SetFlowControl
FT_SetLatencyTimer
FT_SetResetPipeRetryCount
FT_SetRts
FT_SetTimeouts
FT_SetUSBParameters
FT_SetWaitMask
FT_StopInTask
FT_W32_CancelIo
FT_W32_ClearCommBreak
FT_W32_ClearCommError
FT_W32_CloseHandle
FT_W32_CreateFile
FT_W32_EscapeCommFunction
FT_W32_GetCommModemStatus
FT_W32_GetCommState
FT_W32_GetCommTimeouts
FT_W32_GetLastError
FT_W32_GetOverlappedResult
FT_W32_PurgeComm
FT_W32_ReadFile
FT_W32_SetCommBreak
FT_W32_SetCommMask
FT_W32_SetCommState
FT_W32_SetCommTimeouts
FT_W32_SetupComm
FT_W32_WaitCommEvent
FT_W32_WriteFile
FT_WaitOnMask
FT_Write
FT_WriteEE

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Martech_box_III_drivers/MRT_box2.inf
Martech_box_III_drivers/MRT_box2.sys
.sys windows:5 windows x86 arch:x86

0bd9ba296ddc95e498524aaa1ff9a5a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
KeInitializeEvent
KeInitializeSpinLock
KeInitializeTimer
KeInitializeDpc
PoSetPowerState
IofCallDriver
RtlFreeUnicodeString
IoCreateDevice
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
ExFreePool
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
KeSetEvent
InterlockedDecrement
ExAllocatePoolWithTag
InterlockedIncrement
IofCompleteRequest
IoDeleteDevice
IoDetachDevice
ObfDereferenceObject
IoGetDeviceProperty
RtlInitUnicodeString
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
ExQueueWorkItem
InterlockedExchange
IoIsWdmVersionAvailable
IoCancelIrp
ObReferenceObjectByHandle
ExEventObjectType
ZwClose
IoOpenDeviceRegistryKey
KeCancelTimer
KeSetTimer
IoFreeMdl
IoBuildPartialMdl
IoAllocateMdl
MmMapLockedPages
PsCreateSystemThread
PsTerminateSystemThread
KeClearEvent
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ObReferenceObjectByPointer
IoGetDeviceObjectPointer
RtlCompareMemory
ZwQueryValueKey
IoReleaseCancelSpinLock

hal

KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
USBD_CreateConfigurationRequest
USBD_GetUSBDIVersion

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 128B - Virtual size: 115B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Martech_box_III_drivers/MRTboxun.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cb99f64eeaefc5e759585f9cc619ed0b

Headers

File Characteristics

Imports

kernel32

setupapi

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 4KB - Virtual size: 3KB

0bd9ba296ddc95e498524aaa1ff9a5a6

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 384B - Virtual size: 360B

.data Size: 32B - Virtual size: 5B

PAGE Size: 128B - Virtual size: 115B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 832B - Virtual size: 824B

.reloc Size: 1024B - Virtual size: 1014B

Headers

File Characteristics

Sections

Size: - Virtual size: 212KB

���1 Size: 133KB - Virtual size: 136KB

.rsrc Size: 3KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 384B - Virtual size: 360B

.data
Size: 32B - Virtual size: 5B

PAGE
Size: 128B - Virtual size: 115B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 832B - Virtual size: 824B

.reloc
Size: 1024B - Virtual size: 1014B

��1
Size: 133KB - Virtual size: 136KB

.rsrc
Size: 3KB - Virtual size: 4KB