02e5faf0337da356f061eee4761802f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02e5faf0337da356f061eee4761802f0_JaffaCakes118
Size

183KB
MD5

02e5faf0337da356f061eee4761802f0
SHA1

d0e872b609f41c4d9035b06bd2f3907de9ff546b
SHA256

964dba7cb57ae1fa908ff816005d9e2944c82a41a34b5028a8a5dde323b4ed63
SHA512

13628087a0bfd93f82618a1c360df81b90e4687b70a938484594aea6314ce5e89d3eef8f6c0310b8cc0e0768332b2dd2a4ec17eb49e61ce9ae3a0204df542c31
SSDEEP

3072:dlrDjDwFU2XIG6NC2JvL7PeiHsI/U+owztYcegkZq9lz7VOfy+1iVyEdQlK5z:rDwF5XInJvHPgiU+dOgaq9lz7VdPyEdJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02e5faf0337da356f061eee4761802f0_JaffaCakes118

Files

02e5faf0337da356f061eee4761802f0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ff3b57c9110b6170f359b9041588a392

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\BtLbnxE\iejuRle\gGjXqmKiG.pdb

Imports

ntoskrnl.exe

IoSetSystemPartition
IofCallDriver
RtlMapGenericMask
CcFlushCache
IoReportDetectedDevice
MmUnlockPages
CcCopyRead
RtlSecondsSince1980ToTime
ObOpenObjectByPointer
ObMakeTemporaryObject
IoCreateStreamFileObjectLite
RtlFillMemoryUlong
SeAccessCheck
RtlAddAccessAllowedAceEx
KeDelayExecutionThread
RtlCopySid
IoAllocateMdl
KeReleaseSemaphore
ZwQueryVolumeInformationFile
IoWMIWriteEvent
RtlFreeAnsiString
IoCreateDevice
CcSetFileSizes
RtlPrefixUnicodeString
DbgBreakPointWithStatus
IoReadPartitionTableEx
DbgBreakPoint
RtlClearAllBits
PoRegisterSystemState
KeQueryActiveProcessors
ExReleaseFastMutexUnsafe
IoRequestDeviceEject
PsGetVersion
RtlInitString
RtlUpcaseUnicodeToOemN
SeDeleteObjectAuditAlarm
KeReadStateEvent
ZwMapViewOfSection
IoGetDriverObjectExtension
ExReinitializeResourceLite
MmAllocateContiguousMemory
KeRemoveEntryDeviceQueue
IoUnregisterFileSystem
RtlSubAuthoritySid
ZwDeleteValueKey
CcUnpinData
KeRevertToUserAffinityThread
ExFreePoolWithTag
ExQueueWorkItem
CcUnpinDataForThread
KeBugCheck
RtlDowncaseUnicodeString
MmAdvanceMdl
RtlFindMostSignificantBit
ExInitializeResourceLite
PsGetThreadProcessId
CcMdlWriteComplete
FsRtlAllocateFileLock
MmMapLockedPages
MmAllocateMappingAddress
IoInitializeIrp
FsRtlSplitLargeMcb
SeUnlockSubjectContext
RtlInitAnsiString
RtlInitUnicodeString
KeSetKernelStackSwapEnable
CcMdlWriteAbort
RtlFindClearBits
RtlDeleteElementGenericTable
KePulseEvent
KeRemoveQueueDpc
ExRaiseStatus
KeInsertByKeyDeviceQueue
KeLeaveCriticalRegion
RtlOemStringToUnicodeString
ZwFreeVirtualMemory
MmMapUserAddressesToPage
RtlInitializeSid
IoVerifyPartitionTable
ZwQueryKey
FsRtlNotifyUninitializeSync
RtlLengthRequiredSid
IoCreateDisk
ExGetExclusiveWaiterCount
IoSetHardErrorOrVerifyDevice
PsGetProcessExitTime
KeSynchronizeExecution
KeCancelTimer
RtlExtendedIntegerMultiply
ExRaiseAccessViolation
RtlxUnicodeStringToAnsiSize
RtlUpperChar
SeTokenIsRestricted
ZwClose
RtlCheckRegistryKey
ZwFlushKey
RtlInitializeGenericTable
VerSetConditionMask
RtlGUIDFromString
PoSetSystemState
IoRegisterDeviceInterface
FsRtlCheckLockForReadAccess
IoStartTimer
RtlFindLeastSignificantBit
FsRtlFreeFileLock
CcSetDirtyPinnedData
KdEnableDebugger
RtlWriteRegistryValue
IoInvalidateDeviceState
ProbeForRead
IoStopTimer
KeSetImportanceDpc
IoFreeController
SeOpenObjectAuditAlarm
IoAllocateController
MmPageEntireDriver
FsRtlIsHpfsDbcsLegal
FsRtlIsTotalDeviceFailure
ExSystemTimeToLocalTime
RtlValidSid
ZwOpenKey
RtlCharToInteger
IoAcquireCancelSpinLock
RtlCompareString
MmAddVerifierThunks
IoDetachDevice
CcIsThereDirtyData
KeResetEvent
ZwOpenFile
KeQueryTimeIncrement
ZwCreateKey
RtlFindSetBits
IoRegisterFileSystem
KeInitializeDpc
IoInitializeRemoveLockEx
SeReleaseSubjectContext
KeInitializeSemaphore
IoSetTopLevelIrp
PoUnregisterSystemState
ZwCreateSection
ExAllocatePool
RtlGetNextRange
MmGetPhysicalAddress
KeFlushQueuedDpcs
IoAllocateWorkItem
RtlEqualSid
ExVerifySuite
RtlxOemStringToUnicodeSize
IoQueryFileDosDeviceName
KeWaitForMultipleObjects
ZwCreateDirectoryObject
FsRtlCheckOplock
PsChargeProcessPoolQuota
PsLookupProcessByProcessId
MmQuerySystemSize
HalExamineMBR
KeRestoreFloatingPointState
KeRemoveDeviceQueue
RtlFindClearBitsAndSet
IoCreateSymbolicLink
CcRemapBcb
RtlClearBits
RtlFindLongestRunClear
IoCreateSynchronizationEvent
ZwReadFile
ExLocalTimeToSystemTime
PoSetPowerState
RtlTimeToSecondsSince1980
CcFastCopyWrite
RtlEqualString
RtlAddAccessAllowedAce
IoDeviceObjectType
CcInitializeCacheMap
DbgPrompt
KeReadStateSemaphore
ExReleaseResourceLite
FsRtlGetNextFileLock
ZwCreateFile
PsImpersonateClient
IoQueueWorkItem
RtlUpcaseUnicodeString
IoWriteErrorLogEntry
PsGetProcessId
FsRtlIsNameInExpression
SeQueryInformationToken
RtlValidSecurityDescriptor
PsGetCurrentProcess
IoDeleteSymbolicLink
CcPinRead
RtlIntegerToUnicodeString
PsTerminateSystemThread
KeRundownQueue
IoGetDmaAdapter
PsReferencePrimaryToken
IoAllocateErrorLogEntry
ExDeletePagedLookasideList
SeValidSecurityDescriptor
ZwSetVolumeInformationFile
IoCheckShareAccess
CcMdlRead
RtlAnsiCharToUnicodeChar
KeStackAttachProcess
MmIsVerifierEnabled
IoGetTopLevelIrp
RtlCompareUnicodeString
IoSetThreadHardErrorMode
IoBuildPartialMdl
IoGetDeviceToVerify
IoCreateFile
MmHighestUserAddress
CcFastMdlReadWait
IoReuseIrp
RtlxAnsiStringToUnicodeSize
KeQueryInterruptTime
ObReferenceObjectByPointer
RtlTimeToSecondsSince1970
IoGetDeviceInterfaceAlias
IoEnumerateDeviceObjectList
FsRtlNotifyInitializeSync
RtlHashUnicodeString
KeEnterCriticalRegion
RtlUnicodeStringToAnsiString
KeSetEvent
FsRtlFastUnlockSingle
ExSetResourceOwnerPointer
IoDisconnectInterrupt
RtlFindClearRuns
MmIsAddressValid
RtlCopyLuid
RtlUpperString
IoQueryFileInformation
MmUnmapIoSpace
KeAttachProcess
IoReleaseRemoveLockAndWaitEx
ExUuidCreate
IoGetDeviceAttachmentBaseRef
MmFreePagesFromMdl
ExRegisterCallback
RtlNtStatusToDosError
RtlUnicodeToMultiByteN
MmAllocatePagesForMdl
ZwQueryValueKey
IoAcquireVpbSpinLock
RtlOemToUnicodeN
CcDeferWrite
RtlQueryRegistryValues
PsSetLoadImageNotifyRoutine
IoConnectInterrupt
ZwWriteFile
CcZeroData
KeSaveFloatingPointState
RtlEqualUnicodeString
IoRaiseHardError
IoVerifyVolume
RtlInt64ToUnicodeString
KeInitializeMutex
RtlDelete
IoAllocateIrp
IoSetPartitionInformationEx
MmSecureVirtualMemory

Exports

Exports

?FormatProcessA@@YGGN_NPAK&U
?CancelWindowInfoNew@@YGGIN&U
?RemovePointerA@@YGPAXJPAH&U
?DeleteKeyNameA@@YGXKPAHMH&U
?RtlModuleW@@YGXJDI&U
?CancelTaskNew@@YGPAFPADHEPAG&U
?ModifyObjectNew@@YGJI&U
?TimerW@@YGDH&U
?DeleteDialogNew@@YGPAFFHE&U
?InsertEventA@@YGHEFF&U
?IncrementMediaType@@YGXMHDD&U
?HideObjectOriginal@@YGPADEPAD&U
?SetPathOriginal@@YGPADDD&U
?SetFolderNew@@YGXKGHG&U
?AddMessageOriginal@@YGPADPAHPAHGE&U
?ModifyComponentNew@@YGPADPAH&U
?CloseState@@YGFK&U
?InstallClassOld@@YGPAGPAN&U
?SetMutexExW@@YGPADGI&U
?RemoveObjectA@@YGXJ&U
?IsSection@@YGKPAFDPAIJ&U
?FreeWindowExA@@YGXNM_N&U
?CancelListEx@@YGX_NH&U
?GlobalExpressionA@@YGPAFPAKM&U
?RemoveMediaTypeOriginal@@YGIE&U
?RtlObjectExA@@YGPAIHPAE&U
?InvalidateWidthW@@YGPAXNIPAMPAH&U
?InsertSectionNew@@YGMDEF&U
?KillWindowInfoW@@YGPAJD&U
?CrtMediaTypeA@@YGXN&U
?LoadAnchorExW@@YGIKJ&U
?EnumObjectOriginal@@YGFMPAGPAHPAI&U
?HideFunctionW@@YGPAXIJHE&U
?InstallCommandLineExA@@YGI_NMJH&U

Sections

.text
Size: 29KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 569B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff3b57c9110b6170f359b9041588a392

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 54KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 569B

.data Size: 35KB - Virtual size: 34KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 664B

.text
Size: 29KB - Virtual size: 54KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 569B

.data
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 664B