043b4d5455218d9af814534aa7b9adff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

043b4d5455218d9af814534aa7b9adff_JaffaCakes118
Size

159KB
MD5

043b4d5455218d9af814534aa7b9adff
SHA1

f47674ea321a8f45c49f676ab59ad2f710af422f
SHA256

2455debc646e940130dc30739cbfe5701510bcebc7f70e8a3d392fc955244510
SHA512

56a07a886b9f2a93eeaa800226329d62ba843795187542b8df6f8b09644872779cddd437da5cb80cba6b4c011442b1852c33d46672a153ba72c388f6679e8922
SSDEEP

3072:xHcWh/cFsXhWK9AB4nn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:x8eA+8K9hn0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
043b4d5455218d9af814534aa7b9adff_JaffaCakes118

Files

043b4d5455218d9af814534aa7b9adff_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6407b48257127c07ca6facb2e4b1c66f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

L:\skFyaNWws\ayiutOtl\hGvHIWVnou\WDbqRri\watzTPsasaacb.pdb

Imports

ntoskrnl.exe

FsRtlAllocateFileLock
ExGetPreviousMode
MmBuildMdlForNonPagedPool
RtlUnicodeToMultiByteN
SeDeassignSecurity
PoSetSystemState
RtlClearAllBits
MmIsDriverVerifying
ZwPowerInformation
FsRtlIsTotalDeviceFailure
CcSetBcbOwnerPointer
ZwOpenSection
MmSecureVirtualMemory
IofCallDriver
ZwCreateDirectoryObject
MmUnlockPagableImageSection
MmHighestUserAddress
KeRestoreFloatingPointState
RtlAnsiCharToUnicodeChar
ExIsProcessorFeaturePresent
MmUnlockPages
IoSetShareAccess
ExVerifySuite
KeRemoveQueueDpc
IoDeleteSymbolicLink
ExGetSharedWaiterCount
FsRtlCheckOplock
RtlSecondsSince1970ToTime
RtlAnsiStringToUnicodeString
KeRemoveQueue
RtlUpperString
CcSetFileSizes
MmFreePagesFromMdl
CcMdlRead
CcSetDirtyPinnedData
DbgBreakPointWithStatus
SeValidSecurityDescriptor
RtlIsNameLegalDOS8Dot3
RtlInt64ToUnicodeString
IoGetAttachedDeviceReference
ExNotifyCallback
IoRemoveShareAccess
RtlEnumerateGenericTable
IoCreateSynchronizationEvent
RtlUnicodeStringToAnsiString
RtlUnicodeStringToOemString
ExRaiseStatus
ExGetExclusiveWaiterCount
KeRemoveByKeyDeviceQueue
KeSetPriorityThread
ObMakeTemporaryObject
ZwCreateFile
RtlDeleteNoSplay
SeReleaseSubjectContext
MmResetDriverPaging
DbgPrompt
KeQuerySystemTime
IoSetDeviceInterfaceState
RtlQueryRegistryValues
KeInitializeMutex
RtlTimeFieldsToTime
ZwFlushKey
KeInsertByKeyDeviceQueue
ExRaiseDatatypeMisalignment
RtlAppendStringToString
IoCreateFile
IoInitializeTimer
RtlSetAllBits
KeInitializeDeviceQueue
ZwMakeTemporaryObject
ZwQuerySymbolicLinkObject
IoAllocateAdapterChannel
SeAccessCheck
KeRemoveEntryDeviceQueue
KeInsertQueueDpc
KeInitializeSpinLock
ZwCreateKey
PsImpersonateClient
IoAllocateController
RtlFreeAnsiString
SeAppendPrivileges
IoCreateDisk
IoGetDeviceAttachmentBaseRef
ZwQueryInformationFile
IoStartNextPacket
RtlFindMostSignificantBit
RtlUpcaseUnicodeString
IoSetPartitionInformationEx
FsRtlCheckLockForWriteAccess
ObReferenceObjectByPointer
KeInitializeApc
RtlCompareUnicodeString
RtlFindLastBackwardRunClear
SeFilterToken
PsCreateSystemThread
IoReleaseRemoveLockAndWaitEx
KeSetTimer
RtlTimeToTimeFields
ZwFreeVirtualMemory
PsGetProcessExitTime
IoSetThreadHardErrorMode
IoSetHardErrorOrVerifyDevice
IoInvalidateDeviceState
RtlOemToUnicodeN
IoVerifyVolume
IoAcquireVpbSpinLock
FsRtlIsHpfsDbcsLegal
RtlDowncaseUnicodeString
RtlInitializeBitMap
PoCallDriver
IoGetStackLimits
ZwOpenKey
RtlCopyString
KeReadStateSemaphore
FsRtlCheckLockForReadAccess
ExSetTimerResolution
ZwOpenProcess
KeEnterCriticalRegion
IoGetRequestorProcessId
RtlSetDaclSecurityDescriptor
MmGetPhysicalAddress
RtlDeleteRegistryValue
IoWriteErrorLogEntry
RtlFindClearBits
CcFastMdlReadWait
KeRemoveDeviceQueue
IoReleaseRemoveLockEx
KeSetTargetProcessorDpc
IoQueryFileInformation
KeInsertDeviceQueue
RtlVerifyVersionInfo
IoGetCurrentProcess
CcFastCopyRead
RtlEqualString
RtlGUIDFromString
IoGetDeviceToVerify
ProbeForWrite
IoStartTimer
RtlCreateAcl
CcCanIWrite
RtlInitializeUnicodePrefix
RtlFindClearBitsAndSet
MmMapUserAddressesToPage
IoCsqRemoveIrp
RtlRandom
ZwWriteFile
IoCreateStreamFileObjectLite
KeRegisterBugCheckCallback
RtlEqualSid
MmFlushImageSection
RtlFreeOemString
IoWMIWriteEvent
IoQueryFileDosDeviceName
KePulseEvent
RtlUpcaseUnicodeChar
PsReferencePrimaryToken
IoGetRelatedDeviceObject
ObReleaseObjectSecurity
PsRevertToSelf
CcRemapBcb
ExReleaseResourceLite
HalExamineMBR
MmSizeOfMdl
IoWMIRegistrationControl
IoReportDetectedDevice
IoCreateNotificationEvent
FsRtlNotifyUninitializeSync
IoReportResourceForDetection
FsRtlDeregisterUncProvider
IoGetDeviceInterfaceAlias
ExDeletePagedLookasideList
RtlFindLeastSignificantBit
PoStartNextPowerIrp
CcPinRead
ZwOpenSymbolicLinkObject
IoRegisterFileSystem
ZwNotifyChangeKey
RtlTimeToSecondsSince1980
IoReadPartitionTableEx
RtlUpperChar
PsReturnPoolQuota
PsTerminateSystemThread
PsSetLoadImageNotifyRoutine
RtlDeleteElementGenericTable
WmiQueryTraceInformation
IoCreateStreamFileObject
ExQueueWorkItem
MmIsVerifierEnabled
KeSaveFloatingPointState
RtlInitAnsiString
PoUnregisterSystemState
RtlStringFromGUID
RtlSplay
KeQueryTimeIncrement
PsGetCurrentThread
RtlLengthRequiredSid
ExReleaseFastMutexUnsafe
IoBuildPartialMdl
KeInitializeEvent
RtlxOemStringToUnicodeSize
MmUnsecureVirtualMemory
SeFreePrivileges
KeQueryActiveProcessors
FsRtlIsDbcsInExpression
IoGetDeviceProperty
KeStackAttachProcess
IoGetDmaAdapter
ExSystemTimeToLocalTime
MmAdvanceMdl
FsRtlIsNameInExpression
ZwDeleteValueKey
IofCompleteRequest
SeQueryAuthenticationIdToken
PsGetCurrentThreadId
RtlCreateRegistryKey
MmLockPagableSectionByHandle
ExLocalTimeToSystemTime
SeDeleteObjectAuditAlarm
MmGetSystemRoutineAddress
CcFastCopyWrite
ObCreateObject
CcSetReadAheadGranularity
IoDisconnectInterrupt
IoGetDeviceObjectPointer
IoCheckQuotaBufferValidity
ZwAllocateVirtualMemory
RtlOemStringToUnicodeString
PsGetCurrentProcessId
CcGetFileObjectFromBcb
CcPreparePinWrite
MmProbeAndLockPages
CcRepinBcb
ExAcquireResourceSharedLite
FsRtlFreeFileLock
FsRtlIsFatDbcsLegal
KeReadStateTimer
PoSetPowerState
RtlLengthSid
ObfReferenceObject
CcMapData
ObGetObjectSecurity
ZwReadFile
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAce
RtlGenerate8dot3Name
KeDetachProcess
RtlGetVersion
IoFreeWorkItem
RtlRemoveUnicodePrefix
MmAddVerifierThunks
RtlCompareString
ExDeleteNPagedLookasideList
KeCancelTimer
RtlUpcaseUnicodeToOemN
MmUnmapLockedPages
KeGetCurrentThread

Exports

Exports

?RtlCharEx@@YGPAJJPADE&U
?ModifySemaphoreNew@@YGMKND&U
?EnumOptionA@@YGDI&U
?CrtHeaderA@@YGKGD&U
?GenerateObjectOriginal@@YGNFGM&U
?OnFileOriginal@@YGPAMFDPAMM&U
?PointOld@@YGFHMPAD&U
?HideHeightExA@@YG_NF&U
?CloseFunctionW@@YGFDJPADH&U
?GlobalDateA@@YGKM&U
?KillDirectory@@YGGNPAMPAG&U
?HideAnchorEx@@YGPAIPAMDIPAI&U
?FindStateEx@@YGMHH&U
?ListItemExA@@YGPAFPAGHPAD&U
?IsValidObjectOriginal@@YGPAKPAHFJ&U
?PutProcessNew@@YGDMPAD&U
?InstallModuleExA@@YGDHPAEI&U
?HideStringEx@@YGEK&U
?InstallEventA@@YGPANPADPA_N&U
?RtlDialogExW@@YGPA_NDHPAD&U
?DeleteDirectoryEx@@YGPAMEPAN&U
?IsNotFilePathNew@@YGFHDIPAG&U
?IncrementFunctionEx@@YGPANGFM&U
?InstallPenA@@YGJPAJJK&U
?ModifyCommandLineOriginal@@YGPAMHF&U
?ValidateWindowOld@@YGIPAHD&U
?IncrementKeyboardNew@@YGHPAJJN&U
?ModifyScreenOriginal@@YGKGPAHHF&U
?IsValidMemoryW@@YGEKJPAH&U
?ShowDialogOld@@YGMI&U
?InstallAppName@@YG_NPADI&U
?GetListItemA@@YGJPAKPAJPAEH&U
?CallVersionA@@YGHF&U
?EnumProviderOld@@YGEJNPAFPAJ&U
?ValidateVersionA@@YGF_NH&U
?PutKeyNameOld@@YGKGMPAE&U
?RemoveProfileW@@YGIPAD&U
?GlobalValue@@YGFPAJPAM&U

Sections

.text
Size: 26KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6407b48257127c07ca6facb2e4b1c66f

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 54KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 705B

.data Size: 38KB - Virtual size: 37KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 680B

.text
Size: 26KB - Virtual size: 54KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 705B

.data
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 680B