02ac83e5818f98308b33cca05ebdd6bf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

02ac83e5818f98308b33cca05ebdd6bf_JaffaCakes118
Size

106KB
MD5

02ac83e5818f98308b33cca05ebdd6bf
SHA1

85b848f4865c0ff6daa95e3b65c8b71cc83b6c06
SHA256

512053c3eebce52b7cd4d4d73cb46556ad5a5b7a3f2d0ee348b8c789f15ab194
SHA512

71c6cf552439c4bb29dac4cd688cb680c00cc93d50f45674b0c898a2ef60a86ca9e3a2ec539cd0498a471350c7977e9d61818dfa7ad7d1df57bf3caff034fc4a
SSDEEP

3072:x4IpmXIpQWCU3Wh2AjSlkNcAGtBvZBYHUg+:5sjU3WhqKGt94Hg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02ac83e5818f98308b33cca05ebdd6bf_JaffaCakes118

Files

02ac83e5818f98308b33cca05ebdd6bf_JaffaCakes118
.dll windows:5 windows x86 arch:x86

300dc7751b9ad02a4d258882aaba42aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\yjbPpgHjCqyDdt\iSbssvvzs\fsaPsfBip\gpfOaufG.pdb

Imports

ntoskrnl.exe

CcInitializeCacheMap
ExGetPreviousMode
PsGetCurrentThread
RtlValidSecurityDescriptor
ZwReadFile
MmAddVerifierThunks
IoRemoveShareAccess
CcUnpinRepinnedBcb
SeQueryAuthenticationIdToken
ZwSetValueKey
RtlLengthSecurityDescriptor
IoInitializeIrp
IoAllocateErrorLogEntry
ExReleaseResourceLite
ProbeForWrite
SeAccessCheck
RtlSplay
ExAllocatePoolWithQuotaTag
RtlAnsiStringToUnicodeString
RtlQueryRegistryValues
PsImpersonateClient
SeImpersonateClientEx
RtlAreBitsSet
ExDeleteNPagedLookasideList
FsRtlCheckLockForReadAccess
IoGetDeviceInterfaces
RtlUnicodeStringToOemString
RtlAddAccessAllowedAce
ZwFsControlFile
RtlxAnsiStringToUnicodeSize
IoCheckShareAccess
ZwUnloadDriver
PsGetVersion
IoSetDeviceToVerify
IofCompleteRequest
CcCopyWrite
RtlEqualString
RtlCompareString
ZwMakeTemporaryObject
KeSetPriorityThread
FsRtlMdlWriteCompleteDev
IoCreateNotificationEvent
ExRaiseAccessViolation
IoStopTimer
IoQueryDeviceDescription
MmUnsecureVirtualMemory
IoGetRelatedDeviceObject
ZwAllocateVirtualMemory
ZwQueryVolumeInformationFile
ExGetSharedWaiterCount
RtlGetVersion
FsRtlIsNameInExpression
IoReleaseCancelSpinLock
KeDeregisterBugCheckCallback
IoWriteErrorLogEntry
KeQuerySystemTime
ZwCreateKey
CcSetDirtyPinnedData
RtlAnsiCharToUnicodeChar
RtlEqualSid
IoStartPacket
IofCallDriver
KeSetSystemAffinityThread
RtlVolumeDeviceToDosName
IoIsSystemThread
KeAttachProcess
ExAllocatePoolWithQuota
KeSetImportanceDpc
RtlSetAllBits
IoStartNextPacket
KeRundownQueue
KeSaveFloatingPointState
IoGetDeviceProperty
IoCreateStreamFileObjectLite
IoGetTopLevelIrp
ProbeForRead
IoRaiseHardError
RtlUpcaseUnicodeString
IoCreateDisk
RtlCreateSecurityDescriptor
IoDeleteDevice
ZwLoadDriver
MmResetDriverPaging
IoAcquireRemoveLockEx
KeRemoveEntryDeviceQueue
ExSystemTimeToLocalTime
MmLockPagableDataSection
RtlClearBits
VerSetConditionMask
RtlFindLastBackwardRunClear
FsRtlIsDbcsInExpression
ZwEnumerateKey
IoCsqRemoveIrp
MmIsThisAnNtAsSystem
ObInsertObject
DbgBreakPointWithStatus
IoAcquireCancelSpinLock
KdDisableDebugger
KeSetEvent
ExDeleteResourceLite
MmIsDriverVerifying
KeRemoveQueueDpc
IoInitializeTimer
KeResetEvent
KeClearEvent
PsGetThreadProcessId
RtlUpcaseUnicodeChar
IoGetDmaAdapter
IoFreeMdl
IoAllocateWorkItem
MmSecureVirtualMemory
CcMdlWriteComplete
ZwDeviceIoControlFile
IoMakeAssociatedIrp
IoGetLowerDeviceObject
RtlOemStringToUnicodeString
PoCallDriver
RtlFindNextForwardRunClear
RtlCopyUnicodeString
ZwOpenFile
MmForceSectionClosed
ExUnregisterCallback
MmMapIoSpace
RtlMultiByteToUnicodeN
PoRegisterSystemState
IoGetDriverObjectExtension
IoCheckEaBufferValidity
IoDeleteSymbolicLink
ZwClose
PsIsThreadTerminating
MmGetPhysicalAddress
RtlClearAllBits
CcMdlReadComplete
MmAllocateNonCachedMemory
IoReportDetectedDevice
ObfReferenceObject
IoGetAttachedDeviceReference
KeSetTimerEx
IoRegisterFileSystem
CcMdlWriteAbort
RtlUpcaseUnicodeToOemN
ZwFlushKey
KeInitializeQueue
KeInsertQueueDpc
PoUnregisterSystemState
ZwOpenKey
MmGetSystemRoutineAddress
SeTokenIsRestricted
KeReadStateEvent
ExLocalTimeToSystemTime
IoSetHardErrorOrVerifyDevice
ExSetTimerResolution
ZwEnumerateValueKey
IoWMIRegistrationControl
RtlNtStatusToDosError
RtlInitAnsiString
MmUnlockPages
FsRtlIsTotalDeviceFailure
IoGetDeviceInterfaceAlias
ZwOpenSection
RtlDeleteNoSplay
MmIsVerifierEnabled
ExUuidCreate
RtlDeleteElementGenericTable
MmAllocatePagesForMdl
RtlAppendUnicodeToString
PsGetProcessExitTime
KeInitializeSpinLock
ZwSetVolumeInformationFile
IoSetTopLevelIrp
RtlInitializeBitMap
FsRtlNotifyInitializeSync
RtlEqualUnicodeString
RtlFindClearBitsAndSet
IoDeviceObjectType
IoFreeIrp
IoQueryFileDosDeviceName
KeLeaveCriticalRegion
IoCreateFile
RtlInsertUnicodePrefix
IoWritePartitionTableEx
ExFreePoolWithTag
RtlSecondsSince1970ToTime
CcUnpinData
MmMapLockedPagesSpecifyCache
IoThreadToProcess
SeDeleteObjectAuditAlarm
RtlRandom
RtlCopyLuid
RtlTimeFieldsToTime
RtlxOemStringToUnicodeSize
MmAllocateMappingAddress
IoSetThreadHardErrorMode
ObQueryNameString
PoSetSystemState
KeInitializeTimer
IoReadPartitionTable
ObMakeTemporaryObject
CcPurgeCacheSection
IoGetBootDiskInformation
RtlCopyString
MmProbeAndLockPages
CcFastMdlReadWait
KeBugCheckEx
ObGetObjectSecurity
IoDetachDevice
RtlFindLeastSignificantBit
CcSetFileSizes
SeDeassignSecurity
KeRestoreFloatingPointState
ObCreateObject
IoDeleteController
SeLockSubjectContext
IoIsWdmVersionAvailable
HalExamineMBR
IoOpenDeviceRegistryKey
FsRtlCheckOplock
KeEnterCriticalRegion
PsSetLoadImageNotifyRoutine
KeQueryActiveProcessors
RtlInitializeGenericTable
MmFreeContiguousMemory
ExInitializeResourceLite
ZwCreateFile
PsLookupThreadByThreadId
KeSetBasePriorityThread
IoAllocateController
ExReinitializeResourceLite
MmHighestUserAddress
ExQueueWorkItem
ZwCreateDirectoryObject
KeInsertQueue
RtlCopySid
KeWaitForMultipleObjects
ExSetResourceOwnerPointer
MmFreePagesFromMdl
KeReadStateSemaphore
FsRtlCheckLockForWriteAccess
RtlFindSetBits
RtlGenerate8dot3Name
KeRemoveQueue
SeAssignSecurity
RtlCompareMemory
KeStackAttachProcess
MmAdvanceMdl
RtlHashUnicodeString
IoFreeErrorLogEntry
IoCreateDevice
RtlFreeOemString
ExReleaseFastMutexUnsafe
MmBuildMdlForNonPagedPool
CcFastCopyRead
MmFreeMappingAddress
KeInitializeSemaphore
KeSetKernelStackSwapEnable
CcSetReadAheadGranularity
RtlAppendStringToString
FsRtlNotifyUninitializeSync
RtlxUnicodeStringToAnsiSize
RtlSecondsSince1980ToTime
RtlWriteRegistryValue
ObReferenceObjectByPointer

Exports

Exports

?RtlKeyboardOriginal@@YGEJ[W
?GenerateHeightExA@@YGGPAJEPAHJ[W
?ModifyFilePathEx@@YGDPAEPAGPAK[W
?LoadFullNameNew@@YGPAFNK[W
?RtlSectionA@@YGJPANPAEN[W
?CloseFolderPathExA@@YGMPAK[W
?ShowHeaderEx@@YGGMDGPA_N[W
?GenerateWidthExW@@YGGPAGHNE[W
?OnProviderOld@@YGXD[W
?PutFunctionEx@@YG_NI_NJG[W
?IncrementStateExW@@YGNPAGD[W
?ShowDataNew@@YGXEJ[W
?CloseCommandLineW@@YGPAMJH[W
?HideThreadNew@@YGND[W
?RemoveObjectW@@YGHPAEKPADPAE[W
?ShowPointExA@@YGGPAKPAMPAG[W
?InvalidateProviderEx@@YGIF[W
?AddDataEx@@YGXJ[W

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

300dc7751b9ad02a4d258882aaba42aa

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 21KB - Virtual size: 58KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 816B

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 21KB - Virtual size: 58KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 816B