3dcd38a98ca5d3642f6413f1df03ced8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3dcd38a98ca5d3642f6413f1df03ced8_JaffaCakes118
Size

25KB
MD5

3dcd38a98ca5d3642f6413f1df03ced8
SHA1

1d0bf133936cc631737c305a4d866f06af00828e
SHA256

30447582e1332cc7736a3181e4eacd55a7e381115b7a1384bfc5b8aababaa6f5
SHA512

ec768eccc464160c3d71a084956b8f22b424c6dc56cacf35b1a99b2d98901fea073716557029314f84a626eeb4cf82b58b3e5210a53a20bd503aac5817b25b11
SSDEEP

768:Y+TQTEb1cNCy7AbI8qeD3Hlx+Imd35r1f42oz:BQYpc4yAE8qElxk3Z62+

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WIN2K&NT/CG300AU.SYS
unpack001/WIN2K&NT/CG300vc.sys
unpack001/WIN2K&NT/KUTILS.SYS
unpack001/WIN2K&NT/VGACard.sys

Files

3dcd38a98ca5d3642f6413f1df03ced8_JaffaCakes118
.rar
WIN2K&NT/CG300AU.INF
WIN2K&NT/CG300AU.SYS
.sys windows:5 windows x86 arch:x86

820fbe051ef2c66f819724aa22f35923

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
IofCompleteRequest
InterlockedExchange
IoStartPacket
IoReleaseCancelSpinLock
IofCallDriver
KeInitializeSpinLock
IoCreateDevice
IoRegisterDeviceInterface
RtlIntegerToUnicodeString
InterlockedIncrement
InterlockedDecrement
KeInitializeEvent
RtlFreeUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoStopTimer
RtlAppendUnicodeStringToString
DbgPrint
RtlAssert
KeSetEvent
PoCallDriver
PoStartNextPowerIrp
IoSetDeviceInterfaceState
WRITE_REGISTER_ULONG
MmMapIoSpace
IoDisconnectInterrupt
MmUnmapIoSpace
IoStartNextPacket
RtlAppendUnicodeToString
IoDetachDevice
IoAcquireCancelSpinLock
IoConnectInterrupt
READ_REGISTER_ULONG
ZwClose
KeRemoveEntryDeviceQueue
KeRemoveDeviceQueue
ExFreePool
READ_REGISTER_UCHAR
KeWaitForSingleObject
WRITE_REGISTER_UCHAR
KeClearEvent
IoCreateNotificationEvent
KeResetEvent

hal

KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
READ_PORT_ULONG
WRITE_PORT_UCHAR
WRITE_PORT_ULONG
READ_PORT_UCHAR

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN2K&NT/CG300vc.sys
.sys windows:5 windows x86 arch:x86

1b6153529b98205bd38ab57cefedff50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoRegisterDeviceInterface
KeInitializeDpc
KeInitializeEvent
IoDeleteDevice
IoAttachDeviceToDeviceStack
IofCompleteRequest
IoDisconnectInterrupt
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
InterlockedIncrement
InterlockedDecrement
IoDetachDevice
RtlFreeUnicodeString
IofCallDriver
IoStartPacket
IoCreateSymbolicLink
IoCreateDevice
RtlAssert
IoSetDeviceInterfaceState
PoCallDriver
PoStartNextPowerIrp
IoConnectInterrupt
MmMapIoSpace
MmUnmapIoSpace
IoStartNextPacket
RtlAppendUnicodeToString
ExFreePool
IoReleaseCancelSpinLock
InterlockedExchange
IoAcquireCancelSpinLock
KeInsertQueueDpc
KeRemoveEntryDeviceQueue
KeSynchronizeExecution
KeRemoveDeviceQueue
IoStopTimer
READ_REGISTER_UCHAR
KeWaitForSingleObject
WRITE_REGISTER_UCHAR
KeResetEvent
READ_REGISTER_ULONG
DbgPrint
WRITE_REGISTER_ULONG
KeSetEvent

hal

KfRaiseIrql
KfLowerIrql
WRITE_PORT_ULONG
READ_PORT_ULONG
READ_PORT_UCHAR
WRITE_PORT_UCHAR

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN2K&NT/KUTILS.SYS
.sys windows:5 windows x86 arch:x86

0dfdbc35a9f5a5c7aad1eeea8b0960d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCallDriver
KeSetEvent
IoReleaseRemoveLockEx
KeWaitForSingleObject
RtlAssert
KeInitializeEvent
IoCreateDevice
RtlInitUnicodeString
IoReleaseRemoveLockAndWaitEx
MmFreeContiguousMemory
MmUnmapIoSpace
IofCompleteRequest
IoAcquireRemoveLockEx
MmGetPhysicalAddress
IoDetachDevice
IoDeleteSymbolicLink
PoStartNextPowerIrp
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
ZwUnmapViewOfSection
ZwClose
ZwQueryValueKey
ZwOpenKey
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
IoCreateSymbolicLink
IoAttachDeviceToDeviceStack
DbgPrint
IoDeleteDevice
IoInitializeRemoveLockEx
RtlQueryRegistryValues
ExAllocatePoolWithTag
memmove
MmAllocateContiguousMemory
ExFreePool
PoCallDriver

hal

HalGetBusData
HalTranslateBusAddress
HalGetBusDataByOffset
WRITE_PORT_ULONG
HalSetBusDataByOffset
WRITE_PORT_UCHAR
READ_PORT_ULONG
WRITE_PORT_USHORT
READ_PORT_USHORT
READ_PORT_UCHAR

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 576B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN2K&NT/Kutils.inf
WIN2K&NT/VGACard.inf
WIN2K&NT/VGACard.sys
.sys windows:5 windows x86 arch:x86

ca9fa506183f04fc20dcaaa8f4c217f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
RtlAppendUnicodeStringToString
MmMapIoSpace
IoDeleteDevice
IofCompleteRequest
IoDeleteSymbolicLink
IoCreateSymbolicLink
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
RtlIntegerToUnicodeString
RtlAppendUnicodeToString

hal

HalGetBusData
HalTranslateBusAddress

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 442B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WIN2K&NT/cg300VC.inf

Sharing

General

Malware Config

Signatures

Files

820fbe051ef2c66f819724aa22f35923

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 352B - Virtual size: 328B

.data Size: 32B - Virtual size: 8B

PAGE Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 756B

1b6153529b98205bd38ab57cefedff50

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 320B - Virtual size: 312B

.data Size: 32B - Virtual size: 4B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 504B

0dfdbc35a9f5a5c7aad1eeea8b0960d5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 480B - Virtual size: 452B

.data Size: 32B - Virtual size: 12B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 960B - Virtual size: 952B

.reloc Size: 576B - Virtual size: 546B

ca9fa506183f04fc20dcaaa8f4c217f7

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 96B - Virtual size: 92B

.data Size: 32B - Virtual size: 4B

INIT Size: 448B - Virtual size: 442B

.reloc Size: 128B - Virtual size: 102B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 352B - Virtual size: 328B

.data
Size: 32B - Virtual size: 8B

PAGE
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 756B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 320B - Virtual size: 312B

.data
Size: 32B - Virtual size: 4B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 504B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 480B - Virtual size: 452B

.data
Size: 32B - Virtual size: 12B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 960B - Virtual size: 952B

.reloc
Size: 576B - Virtual size: 546B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 96B - Virtual size: 92B

.data
Size: 32B - Virtual size: 4B

INIT
Size: 448B - Virtual size: 442B

.reloc
Size: 128B - Virtual size: 102B