38b98a44bdf894fc3376908b8681d6d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38b98a44bdf894fc3376908b8681d6d1_JaffaCakes118
Size

335KB
MD5

38b98a44bdf894fc3376908b8681d6d1
SHA1

29e5478f161150992a7aa8b60486c1c5017345b9
SHA256

8bf5877c3ca2d5187d317044ef322cbb520f18a7efa333d9f4f9089db79e9941
SHA512

b5dd3f6f9d3364e17ba9cda306b800c878d75d42a0a4d7b9f8d4ebab37a4d55ed651ce5c8bcf4dc0a333d9a37f442dc10ab925f21e12ff7f87974b4492d1b05c
SSDEEP

3072:P+ScWD9Ruvtz2UKIlmR5vA3HbxkE8uiynMLLu7+IwjY6oCnAgSfwG4zDvgaKpX53:7cnR2UKIluvWuvuiyCavgSgDvAuJ8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38b98a44bdf894fc3376908b8681d6d1_JaffaCakes118

Files

38b98a44bdf894fc3376908b8681d6d1_JaffaCakes118
.sys windows:6 windows x64 arch:x64

a54ed600fef42176eedf1d9d72ddb491

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

usbhub.pdb

Imports

ntoskrnl.exe

EyIoterlockedInsertTailList
IoAllocateWorkItem
KeQueryTimeIncrement
IofCompleteRequest
KeWaitForSingleObject
KeBugCheckEx
KeSetTimer
ObfReferenceObject
ObfDereferenceObject
IoQueueWorkItem
KeWaitForMultipleObjects
IofCallDriver
KeAcquireSpinLockRaiseToDpc
KeReleaseSemaphore
KeResetEvent
IoCancelIrp
IoFreeIrp
RtlInitUnicodeString
ZwSetValueKey
ZwClose
RtlWriteRegistryValue
RtlCompareMemory
IoOpenDeviceRegistryKey
KeReadStateEvent
IoInvalidateDeviceRelations
PoSetPowerState
KeInitializeSemaphore
IoInitializeWorkItem
IoAllocateIrp
IoInitializeIrp
KeCancelTimer
IoInvalidateDeviceState
IoInitializeTimer
IoStartTimer
IoStopTimer
PoRequestPowerIrp
PoGetSystemWake
PoStartNextPowerIrp
PoCallDriver
PoSetSystemWake
IoGetAttachedDeviceReference
IoGetDeviceProperty
JdEemaxDxdctuhnoUisdad
IoWMIWriteEvent
IoRegisterShutdownNotification
RtlIntegerToUnicodeString
IoDeleteDevice
RtlCheckRegistryKey
MmGetSystemRoutineAddress
RtlSetBits
IoDetachDevice
RtlInitializeBitMap
KeDeregisterBugCheckReasonCallback
RtlAppendUnicodeStringToString
IoReleaseRemoveLockAndWaitEx
RtlFindClearBitsAndSet
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
RtlClearBits
KeRegisterBugCheckReasonCallback
RtlAppendUnicodeToString
RtlQueryRegistryValues
RtlFreeUnicodeString
ZwQueryValueKey
_vsnwprintf
RtlCopyUnicodeString
RtlCreateRegistryKey
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
RtlStringFromGUID
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
ZwCreateKey
ZwEnumerateValueKey
RtlDeleteRegistryValue
ZwOpenKey
EtwUnregister
EtwRegister
EtwWrite
KeInitializeTimer
KeReleaseSpinL�$�<�KeInitializeTimer
IoReleaseRemoveLockEx
KeInitializeDpc
KeInitializeEvent
IoFreeWorkItem
KeSetEvent
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
IoAcquireRemoveLockEx
IoWMIRegistrationControl
ExAllocatePoolWithTag
ProbeForRead
ExAllocatePoolWithQuotaTag
IoReleaseCancelSpinLock
__C_specific_handler

wmilib.sys

WmiSystemControl
WmiCompleteRequest
WmiFireEvent

ksecdd.sys

BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptHashData
BCryptGetProperty

Sections

.text
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.guids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a54ed600fef42176eedf1d9d72ddb491

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wmilib.sys

ksecdd.sys

Sections

.text Size: 245KB - Virtual size: 245KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 18KB - Virtual size: 18KB

.pdata Size: 8KB - Virtual size: 8KB

.guids Size: 512B - Virtual size: 16B

PAGE Size: 2KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 245KB - Virtual size: 245KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 18KB - Virtual size: 18KB

.pdata
Size: 8KB - Virtual size: 8KB

.guids
Size: 512B - Virtual size: 16B

PAGE
Size: 2KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 2KB - Virtual size: 1KB