307d24b9e86cd8463dbed9e9184c8d12_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

307d24b9e86cd8463dbed9e9184c8d12_JaffaCakes118
Size

1.7MB
MD5

307d24b9e86cd8463dbed9e9184c8d12
SHA1

965632cfdfbeb578889646247b7dab194b65b1c1
SHA256

c87b01031ad605b6497d2826f8a163a9d79ec3c2b8e01721b0aa68550cf79d38
SHA512

1e6587dc981fb526ea1c1fc895be7dc2b414616c82c9e8aa28ad7fccb8e81673340bfb4137992f89ea251efbcf0cf43c028f4f8399b7564e87f48556e7da0e1f
SSDEEP

49152:Ce4+fLfyLdyr0BAmV1TT9QwxMo9iUbRVIZmNJeOxIdV0zJOtSyV:ltLfyLdQ07VZyw79iUb/1ZGCJOtb

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PORTTALK.SYS
unpack001/WDR.exe
unpack001/config.hf

Files

307d24b9e86cd8463dbed9e9184c8d12_JaffaCakes118
.rar
PORTTALK.SYS
.sys windows:5 windows x86 arch:x86

a9829c217b84b04d4d54693885594f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
MmAllocateNonCachedMemory
Ke386IoSetAccessProcess
IoCreateSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
MmFreeNonCachedMemory
Ke386SetIoAccessMap
IofCompleteRequest
PsLookupProcessByProcessId

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR

Sections

.text
Size: 736B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 992B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 96B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WD3.6.dat
WDR.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 1.4MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 540KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!rc!
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Jiack
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 297KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config.hf
.exe windows:5 windows x86 arch:x86

68d968cff2deeb13a21f046aa2421d09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
TlsSetValue
lstrcpy
Sleep
MulDiv

user32

GetKeyboardType
CreateWindowExA

advapi32

RegQueryValueExA
RegQueryValueExA
StartServiceA

oleaut32

SysFreeString
SafeArrayPtrOfIndex
GetErrorInfo

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

ReleaseStgMedium

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

DragQueryFile
SHGetPathFromIDList

comdlg32

GetSaveFileNameA

winmm

sndPlaySoundA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

Size: 754KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 942KB - Virtual size: 944KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wdm.ini
安装前必看.txt
安装必读文件.url
最牛的单机游戏下载网站.url

Sharing

General

Malware Config

Signatures

Files

a9829c217b84b04d4d54693885594f4e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 736B - Virtual size: 714B

.rdata Size: 160B - Virtual size: 148B

.data Size: 32B - Virtual size: 4B

INIT Size: 448B - Virtual size: 440B

.rsrc Size: 992B - Virtual size: 984B

.reloc Size: 96B - Virtual size: 82B

Headers

File Characteristics

Sections

Size: 1.4MB - Virtual size: 1.6MB

Size: 540KB - Virtual size: 544KB

.!rc! Size: - Virtual size: 16KB

.Jiack Size: 11KB - Virtual size: 12KB

.rsrc Size: 297KB - Virtual size: 300KB

68d968cff2deeb13a21f046aa2421d09

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

winspool.drv

shell32

comdlg32

winmm

msvcrt

iphlpapi

psapi

Sections

Size: 754KB - Virtual size: 2.4MB

.sedata Size: 942KB - Virtual size: 944KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 9KB - Virtual size: 12KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 736B - Virtual size: 714B

.rdata
Size: 160B - Virtual size: 148B

.data
Size: 32B - Virtual size: 4B

INIT
Size: 448B - Virtual size: 440B

.rsrc
Size: 992B - Virtual size: 984B

.reloc
Size: 96B - Virtual size: 82B

.!rc!
Size: - Virtual size: 16KB

.Jiack
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 297KB - Virtual size: 300KB

.sedata
Size: 942KB - Virtual size: 944KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 9KB - Virtual size: 12KB

.sedata
Size: 4KB - Virtual size: 4KB