15b073ac81e5c34c72350015a59e7fd8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15b073ac81e5c34c72350015a59e7fd8_JaffaCakes118
Size

103KB
MD5

15b073ac81e5c34c72350015a59e7fd8
SHA1

6ca0384d9318b7591d04d326398f540f46fceeac
SHA256

77d1c59d6503cdfcba3d76f5099b99f0fe1dcedcdc141b48f5ba7215ed607cc2
SHA512

229975a63d2355ef71bf30615e4be4a609b2845a1250240e723e38fa0caacc55c73abaee3466f9cc70327619de0a2451f68a5920dbd5efaffff96551d3dc92f4
SSDEEP

1536:j5FFWLp/RlnePSE+G6rRD8KOUhgGW7t4OAaa16BSRCO:j5FFo9KSGwRD8KPgGW7KBaG6k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15b073ac81e5c34c72350015a59e7fd8_JaffaCakes118

Files

15b073ac81e5c34c72350015a59e7fd8_JaffaCakes118
.sys windows:6 windows x86 arch:x86

59c3c7fb8af4a232a0b2f38363b39c9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\bldstorage\storage\ide\rel10.1\driver\os\win\miniport\scsiport\objfre_wlh_x86\i386\nvgts.pdb

Imports

scsiport.sys

ScsiPortGetUncachedExtension
ScsiPortGetDeviceBase
ScsiPortInitialize
ScsiPortReadPortUchar
ScsiPortReadPortUshort
ScsiPortReadPortUlong
ScsiPortReadPortBufferUchar
ScsiPortReadPortBufferUshort
ScsiPortReadPortBufferUlong
ScsiPortReadRegisterUchar
ScsiPortReadRegisterUshort
ScsiPortReadRegisterUlong
ScsiPortReadRegisterBufferUchar
ScsiPortReadRegisterBufferUshort
ScsiPortReadRegisterBufferUlong
ScsiPortWritePortUchar
ScsiPortFreeDeviceBase
ScsiPortWritePortUlong
ScsiPortWritePortBufferUchar
ScsiPortWritePortBufferUshort
ScsiPortWritePortBufferUlong
ScsiPortWriteRegisterUchar
ScsiPortWriteRegisterUshort
ScsiPortWriteRegisterUlong
ScsiPortWriteRegisterBufferUchar
ScsiPortWriteRegisterBufferUshort
ScsiPortWriteRegisterBufferUlong
ScsiPortGetBusData
ScsiPortSetBusDataByOffset
ScsiPortMoveMemory
ScsiPortStallExecution
ScsiPortGetPhysicalAddress
ScsiDebugPrint
ScsiPortGetLogicalUnit
ScsiPortWritePortUshort
ScsiPortNotification

ntoskrnl.exe

KeTickCount
KeBugCheckEx

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59c3c7fb8af4a232a0b2f38363b39c9d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

scsiport.sys

ntoskrnl.exe

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 512B - Virtual size: 384B

.data Size: 19KB - Virtual size: 19KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 512B - Virtual size: 384B

.data
Size: 19KB - Virtual size: 19KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB