0431bec6e40c0af3650828b88da33a1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0431bec6e40c0af3650828b88da33a1c_JaffaCakes118
Size

267KB
MD5

0431bec6e40c0af3650828b88da33a1c
SHA1

7680e26c2f7e0a885b9bd1467bd994e1d19719ef
SHA256

19c9251ff4106872e82e23b9dc41e2f2d8f6c2734a5a7f6e1c02878e7517ef14
SHA512

481fba7cf32eee226802b11b5ccaf136334bf074fe51ef258de94c28fc9eb37c5061573c38ca4b5d939d0530644bb0056df0ba626b5d813ad1b41f97737c9b11
SSDEEP

6144:CtqFLg3CNxhYZrCCwVwette322cmfGSwk/Nj1uni:Cgq6hQKCLOS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0431bec6e40c0af3650828b88da33a1c_JaffaCakes118

Files

0431bec6e40c0af3650828b88da33a1c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

948332c395a28ac1a38ed894882458be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\pdFytQVUuoRQNb\bmvexSxynzvlpp\taNdOnPsf\mfIuYsct\bnHrBinoMsp.pdb

Imports

ntoskrnl.exe

IoFreeErrorLogEntry
IoGetDmaAdapter
MmUnsecureVirtualMemory
ZwOpenFile
IoSetPartitionInformation
SePrivilegeCheck
KeReadStateMutex
RtlUnicodeStringToInteger
PsIsThreadTerminating
CcMapData
RtlInitAnsiString
IoAllocateMdl
CcUninitializeCacheMap
IoSetTopLevelIrp
FsRtlIsDbcsInExpression
IoGetTopLevelIrp
ZwPowerInformation
ZwEnumerateKey
RtlFreeAnsiString
IoCsqRemoveIrp
IoVerifyVolume
ZwMapViewOfSection
ExRaiseAccessViolation
KdEnableDebugger
KeEnterCriticalRegion
KeInitializeTimer
RtlSetBits
ZwSetVolumeInformationFile
PsGetThreadProcessId
ExSystemTimeToLocalTime
RtlFindUnicodePrefix
IoIsWdmVersionAvailable
FsRtlFreeFileLock
CcMdlReadComplete
CcRemapBcb
ExGetPreviousMode
KdDisableDebugger
KeInitializeDpc
ZwDeviceIoControlFile
IoGetDeviceProperty
RtlFillMemoryUlong
IoCheckShareAccess
RtlCharToInteger
CcInitializeCacheMap
RtlAppendUnicodeToString
KeInitializeDeviceQueue
ExCreateCallback
IofCompleteRequest
CcMdlWriteComplete
MmUnmapReservedMapping
RtlIsNameLegalDOS8Dot3
KeBugCheck
RtlEnumerateGenericTable
KeQueryActiveProcessors
CcIsThereDirtyData
IoRegisterDeviceInterface
KeQueryTimeIncrement
IoConnectInterrupt
ZwSetValueKey
SeUnlockSubjectContext
MmSetAddressRangeModified
IoGetDeviceInterfaceAlias
FsRtlNotifyUninitializeSync
RtlInsertUnicodePrefix
RtlAreBitsClear
MmIsAddressValid
RtlGetVersion
CcCopyRead
RtlFindClearBits
PsChargeProcessPoolQuota
PsCreateSystemThread
ExUnregisterCallback
RtlCompareString
SeDeleteObjectAuditAlarm
IoRaiseHardError
RtlEqualSid
SeAppendPrivileges
MmSecureVirtualMemory
CcRepinBcb
ZwQuerySymbolicLinkObject
RtlTimeToTimeFields
ObMakeTemporaryObject
IoDetachDevice
RtlFindMostSignificantBit
IoInitializeIrp
IoWritePartitionTableEx
IoGetDeviceInterfaces
KeSetKernelStackSwapEnable
RtlTimeFieldsToTime
IoRegisterFileSystem
IoGetDeviceToVerify
SeDeassignSecurity
KeDelayExecutionThread
ExGetExclusiveWaiterCount
RtlCopySid
RtlValidSecurityDescriptor
ZwReadFile
HalExamineMBR
DbgBreakPoint
IoDeleteDevice
IoReportResourceForDetection
CcSetFileSizes
PsReturnPoolQuota
ZwFlushKey
KeSetSystemAffinityThread
MmSizeOfMdl
IoGetBootDiskInformation
IoSetPartitionInformationEx
RtlLengthSid
RtlCopyString
CcMdlWriteAbort
RtlInitializeUnicodePrefix
IoReadDiskSignature
IoGetRequestorProcessId
RtlOemStringToUnicodeString
ZwUnloadDriver
RtlAppendStringToString
IoReleaseVpbSpinLock
IoWMIWriteEvent
ExLocalTimeToSystemTime
IoStartTimer
FsRtlGetNextFileLock
RtlIntegerToUnicodeString
RtlCopyUnicodeString
IoSetHardErrorOrVerifyDevice
ZwAllocateVirtualMemory
CcZeroData
ZwQueryValueKey
IoCheckEaBufferValidity
KeWaitForMultipleObjects
IoGetDiskDeviceObject
MmFreeContiguousMemory
MmMapLockedPagesSpecifyCache
ObInsertObject
IoStartNextPacket
ZwQueryKey
CcPreparePinWrite
RtlCheckRegistryKey
IoThreadToProcess
IoReuseIrp
ExAcquireFastMutexUnsafe
KeResetEvent
ExDeletePagedLookasideList
CcMdlRead
RtlValidSid
CcPurgeCacheSection
KeDetachProcess
MmAddVerifierThunks
ExGetSharedWaiterCount
RtlFindLongestRunClear
RtlSubAuthoritySid
IoReleaseRemoveLockAndWaitEx
MmPageEntireDriver
ZwNotifyChangeKey
MmMapLockedPages
IoDeviceObjectType
IoInvalidateDeviceState
KeInitializeTimerEx
RtlMapGenericMask
SeSetSecurityDescriptorInfo
KeRevertToUserAffinityThread
IoSetSystemPartition
KeReleaseMutex
SeLockSubjectContext
RtlUpcaseUnicodeString
KeClearEvent
KeInitializeSemaphore
IoAllocateIrp
SeSinglePrivilegeCheck
RtlUpcaseUnicodeChar
IoQueryFileDosDeviceName
SeCaptureSubjectContext
RtlExtendedIntegerMultiply
IoRemoveShareAccess
CcCopyWrite
KeReadStateEvent
RtlUpperString
IoStopTimer
KeRemoveEntryDeviceQueue
IoReportDetectedDevice
ObfDereferenceObject
RtlInitializeSid
RtlSplay
PsDereferencePrimaryToken
FsRtlIsNameInExpression
SeQueryInformationToken
IoVolumeDeviceToDosName
RtlSecondsSince1980ToTime
IoAllocateController
KeQuerySystemTime
MmGetSystemRoutineAddress
RtlNtStatusToDosError
VerSetConditionMask
RtlRandom
MmUnlockPagableImageSection
RtlFindClearBitsAndSet
KeWaitForSingleObject
KeCancelTimer
SeValidSecurityDescriptor
DbgBreakPointWithStatus
ZwFsControlFile
MmAllocateContiguousMemory
IoDeleteController
RtlDeleteRegistryValue
PsLookupProcessByProcessId
ZwEnumerateValueKey
ExVerifySuite
RtlCreateRegistryKey
IoReleaseRemoveLockEx
RtlxOemStringToUnicodeSize
ZwFreeVirtualMemory
KeSaveFloatingPointState
IofCallDriver
ExRegisterCallback
RtlCompareMemory
KeGetCurrentThread
KeAttachProcess
RtlFindLeastSignificantBit
KeSetTargetProcessorDpc
IoGetAttachedDevice
PsSetLoadImageNotifyRoutine
RtlUnicodeToOemN
KeReleaseSemaphore
IoAcquireCancelSpinLock
ObfReferenceObject
IoMakeAssociatedIrp
IoCreateStreamFileObjectLite
MmUnlockPages
IoQueueWorkItem
RtlVerifyVersionInfo
RtlxAnsiStringToUnicodeSize
IoBuildPartialMdl
ZwQueryInformationFile
IoWMIRegistrationControl
CcGetFileObjectFromBcb
IoSetStartIoAttributes
RtlDelete
MmLockPagableDataSection
IoInitializeRemoveLockEx
IoCheckQuotaBufferValidity
KeRemoveQueueDpc
MmLockPagableSectionByHandle
ZwQueryObject
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmAllocateMappingAddress
FsRtlIsFatDbcsLegal
RtlInt64ToUnicodeString
ExAllocatePoolWithTag
MmMapIoSpace
ZwClose
KeInitializeSpinLock
MmHighestUserAddress
ExAllocatePoolWithQuotaTag
KeRemoveDeviceQueue
IoStartPacket
RtlGetNextRange
ProbeForRead
ZwCreateEvent

Exports

Exports

?SetSemaphoreOld@@YGMPADPAG]A
?FindMutantExW@@YGDMPAKDJ]A
?ShowConfigOriginal@@YGF_NPAEI]A
?ValidateThreadW@@YGPADMH]A
?CancelDeviceNew@@YGG_NFMG]A
?IncrementDirectoryA@@YGIPAKPAFPAK]A
?OnPointerEx@@YGPAXPANPAFD]A
?InstallTimeNew@@YGPAXJ]A
?RtlRectW@@YGGGGM]A
?CallKeyNameW@@YGHI]A
?GlobalModuleExW@@YGPAXDD]A
?IsValidTimeExW@@YGPAXPAM]A
?CopySizeOriginal@@YGI_NPAM]A
?ModifyStateW@@YGDMDE]A
?ShowSectionExA@@YGHHPAEJ]A
?FormatTaskEx@@YGIPA_NPAGG]A
?HideString@@YGIME]A
?EnumHeaderExW@@YGHGEPAK]A
?CancelDeviceExW@@YGGHE]A
?EnumOptionEx@@YGXEIJ]A
?ValidateKeyNameA@@YGHFPAMPAJ]A
?LoadSystemA@@YGPAGG_N]A
?WindowA@@YGDPAMPAH]A
?ScreenOriginal@@YGHG]A
?HideConfigExA@@YGXPAI]A
?GlobalMutantOriginal@@YGDMDFI]A
?DecrementCharOld@@YGPAG_N_NPAI]A
?ClosePath@@YGJHPAMPAI]A
?FindTaskNew@@YGPAHPAJPAFPA_N]A
?RtlTimerEx@@YGMF]A
?EnumProcessExA@@YGEPANDJJ]A
?CopyOptionOriginal@@YGX_N]A
?FormatListItemExA@@YGPAIPAKEPAE]A

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 367B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

948332c395a28ac1a38ed894882458be

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 367B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 652B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 367B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 652B