0e24bb5eafe834e7c6cfaf584ba7254b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0e24bb5eafe834e7c6cfaf584ba7254b_JaffaCakes118
Size

56KB
MD5

0e24bb5eafe834e7c6cfaf584ba7254b
SHA1

1eb304e03270acd53bc51e0494d2a8192a2d6faf
SHA256

f6ebba245c768c2bf46acd555b406a789397e99a301b579e76f9f04658e05a0d
SHA512

180c39ed6182466efa9b2e90890550ad3d4d945a903946f4690f428308e086561e33b95a22680f442dc7a6080daef5112f384f5e054760b852d4ce18f9b0cf49
SSDEEP

1536:pk8edU03Lii4KNJB1pWG1xLPG/HwubVv9:yU03Li7chwGEH9Vv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e24bb5eafe834e7c6cfaf584ba7254b_JaffaCakes118

Files

0e24bb5eafe834e7c6cfaf584ba7254b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

477926afcd5221b21f6c9dec9d5ff856

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\oyakDwYgkg\hfeNmFhGiH\pcyatKrFhEw\amkwqMrlVtreu\hvpNJQrgwkrbef.pdb

Imports

ntoskrnl.exe

KeInsertQueue
RtlGetNextRange
ExDeletePagedLookasideList
RtlUnicodeStringToAnsiString
KeRemoveDeviceQueue
ObReferenceObjectByPointer
IoSetSystemPartition
KeRevertToUserAffinityThread
RtlEnumerateGenericTable
ProbeForWrite
RtlUnicodeStringToOemString
IoCheckShareAccess
SeTokenIsRestricted
ExVerifySuite
ObQueryNameString
RtlFindClearBitsAndSet
ZwFreeVirtualMemory
ZwMakeTemporaryObject
MmMapIoSpace
IoFreeIrp
IoSetTopLevelIrp
FsRtlCheckLockForWriteAccess
SeAssignSecurity
ExLocalTimeToSystemTime
IoGetRequestorProcess
MmBuildMdlForNonPagedPool
RtlUpcaseUnicodeToOemN
PsTerminateSystemThread
KeResetEvent
PsChargeProcessPoolQuota
RtlLengthSid
RtlUpperChar
KeRemoveEntryDeviceQueue
RtlClearAllBits
ZwCreateFile
RtlUpcaseUnicodeChar
KeReadStateEvent
RtlGUIDFromString
SeFreePrivileges
RtlExtendedIntegerMultiply
CcMdlReadComplete
RtlAreBitsSet
IoStartPacket
HalExamineMBR
RtlHashUnicodeString
RtlCompareMemory
RtlValidSecurityDescriptor
RtlVolumeDeviceToDosName
KeInitializeQueue
ZwFsControlFile
FsRtlAllocateFileLock
MmIsThisAnNtAsSystem
PoRegisterSystemState
FsRtlIsNameInExpression
RtlSecondsSince1970ToTime
ExFreePoolWithTag
FsRtlCheckLockForReadAccess
SeAccessCheck
RtlAppendUnicodeToString
RtlGetVersion
IoQueueWorkItem
PsLookupProcessByProcessId
CcUnpinRepinnedBcb
IoSetDeviceInterfaceState
IoGetRelatedDeviceObject
CcSetDirtyPinnedData
PsLookupThreadByThreadId
FsRtlDeregisterUncProvider
RtlDeleteElementGenericTable
KeReleaseSemaphore
ObGetObjectSecurity
KeInsertDeviceQueue
IoRegisterDeviceInterface
ZwDeleteKey
PsDereferencePrimaryToken
CcSetFileSizes
IoVerifyPartitionTable
RtlSetBits
FsRtlIsTotalDeviceFailure
IoAllocateAdapterChannel
IoInvalidateDeviceState
PsGetCurrentProcess
KeUnstackDetachProcess
RtlInt64ToUnicodeString
IoUnregisterFileSystem
KeReadStateMutex
KeSynchronizeExecution
CcFlushCache
MmMapUserAddressesToPage
KeRestoreFloatingPointState
CcCopyRead
IoVerifyVolume
RtlInsertUnicodePrefix
RtlTimeToTimeFields
IoReleaseCancelSpinLock
CcUnpinDataForThread
KeSetKernelStackSwapEnable
IoSetPartitionInformation
KefAcquireSpinLockAtDpcLevel
IoStartNextPacket
RtlFreeAnsiString
CcCanIWrite
IoGetDeviceToVerify
IoSetThreadHardErrorMode
MmForceSectionClosed
SeLockSubjectContext
IoSetHardErrorOrVerifyDevice
MmMapLockedPages
KeInsertHeadQueue
CcMdlWriteComplete
RtlInitializeUnicodePrefix
MmIsDriverVerifying
KeSetPriorityThread
MmAddVerifierThunks
CcMdlRead
KeSetTimer
CcInitializeCacheMap
KeInsertByKeyDeviceQueue
ZwDeviceIoControlFile
RtlDowncaseUnicodeString
RtlAddAccessAllowedAce
ZwQuerySymbolicLinkObject
RtlxOemStringToUnicodeSize
ZwNotifyChangeKey
RtlFindUnicodePrefix
ExReleaseResourceLite
RtlNtStatusToDosError
IoDeleteController
IoInvalidateDeviceRelations
ExCreateCallback
IoFreeController
DbgBreakPointWithStatus
SeCreateClientSecurity
IoGetDeviceObjectPointer
KeClearEvent
MmLockPagableSectionByHandle
RtlAnsiStringToUnicodeString
MmIsAddressValid
IoGetLowerDeviceObject
SeAppendPrivileges
FsRtlIsHpfsDbcsLegal
ExSetTimerResolution
KeInitializeTimer
RtlIntegerToUnicodeString
IoAllocateErrorLogEntry
IoCreateFile
ExAllocatePoolWithTag
MmAdvanceMdl
RtlUnicodeStringToInteger
RtlFindLongestRunClear
IoQueryFileInformation
KeInitializeSemaphore
KeQueryActiveProcessors
MmAllocatePagesForMdl
CcIsThereDirtyData
MmUnmapLockedPages
CcSetBcbOwnerPointer
RtlFindLeastSignificantBit
KeInitializeApc
IoFreeMdl
IoRaiseHardError
RtlCopyUnicodeString
IoGetAttachedDevice
IoReportDetectedDevice
ObReleaseObjectSecurity
IoWMIRegistrationControl
RtlSubAuthoritySid
PsGetCurrentProcessId
IoBuildPartialMdl
MmUnmapIoSpace
RtlSecondsSince1980ToTime
FsRtlFreeFileLock
IoReadPartitionTableEx
ExReleaseFastMutexUnsafe
CcFastMdlReadWait
RtlInitAnsiString
IoConnectInterrupt
IoDeleteSymbolicLink
IoAllocateMdl
KeSetTargetProcessorDpc
IoAcquireVpbSpinLock
KeInitializeSpinLock
RtlCopyLuid
KeRemoveByKeyDeviceQueue
IoReleaseRemoveLockEx
IoAllocateWorkItem
MmSecureVirtualMemory
CcPinRead
IoSetShareAccess
IoGetDeviceProperty
ZwOpenFile
IoReadDiskSignature
RtlInitUnicodeString
KeWaitForSingleObject
RtlUpperString
SeQueryInformationToken
ExUnregisterCallback
RtlMapGenericMask
MmMapLockedPagesSpecifyCache
RtlUnicodeToMultiByteN
ExDeleteResourceLite
DbgPrompt
ProbeForRead
ZwSetValueKey
FsRtlLookupLastLargeMcbEntry
IofCallDriver
IoAcquireCancelSpinLock
PsGetVersion
IoSetDeviceToVerify
KeSaveFloatingPointState
SeCaptureSubjectContext
IoReuseIrp
MmIsVerifierEnabled
CcPreparePinWrite
RtlVerifyVersionInfo
IoCreateDevice
KeBugCheck
MmHighestUserAddress
SeQueryAuthenticationIdToken
ExSystemTimeToLocalTime
PsGetProcessId
RtlFindLastBackwardRunClear
IoInitializeRemoveLockEx
IoCancelIrp
RtlFillMemoryUlong
ExRaiseDatatypeMisalignment
IoGetAttachedDeviceReference
IoReleaseVpbSpinLock
CcRepinBcb
IoAcquireRemoveLockEx
SeImpersonateClientEx
PoSetSystemState
RtlFreeOemString
RtlAddAccessAllowedAceEx
KeRundownQueue
PoCallDriver
SeDeassignSecurity
IoGetRequestorProcessId
PsImpersonateClient
RtlFindClearBits
RtlCreateSecurityDescriptor
MmUnlockPages
IoGetBootDiskInformation
IoCreateStreamFileObject
IoIsWdmVersionAvailable
CcFastCopyWrite
ExReinitializeResourceLite
KeCancelTimer
ZwQueryInformationFile
KeQuerySystemTime
MmAllocateContiguousMemory
IoGetDeviceInterfaceAlias
FsRtlFastUnlockSingle
MmSetAddressRangeModified
ObInsertObject
RtlSplay
RtlCreateUnicodeString
IoCheckQuotaBufferValidity
IoCreateSymbolicLink
RtlIsNameLegalDOS8Dot3
ExSetResourceOwnerPointer
CcUninitializeCacheMap
IoRequestDeviceEject

Exports

Exports

?InstallPathExW@@YGEPAJM~U
?OnHeaderA@@YGJGPAM~U
?LoadTimerA@@YGPAMPAEIN~U
?SendProviderNew@@YGMMNPADM~U
?SetDataEx@@YGHJ~U
?FindScreenOriginal@@YGPAHHM~U
?OnWindowA@@YGPAXMI~U
?GetRectOriginal@@YGPAMN~U
?FormatTextNew@@YGJNMG~U
?IsNotProcess@@YGPAGNPAH~U
?PutSemaphoreEx@@YGKDG~U
?EnumMutant@@YGX_NIN~U
?ShowPathEx@@YGPAXD~U
?ValidateModuleW@@YGIPAHG~U
?InvalidateObjectExA@@YGPAXIEMK~U
?CallObjectExW@@YGPAIK~U
?IsDateTimeEx@@YG_NJPAM~U
?CancelDataA@@YG_NPAHH~U
?DecrementPenA@@YGXKPAHPAGJ~U
?IsValidRectNew@@YGPAXDIH~U
?SetMessageExA@@YGPAFJPAKGPAF~U
?IsValidFileW@@YGXHFG~U
?AddPathExW@@YG_NPAFPAKDPA_N~U
?SetWindowInfoExA@@YGPAEMKDH~U
?IsNotKeyNameW@@YGXHPAFPAK~U
?PenExW@@YGPAJMKM_N~U
?EnumVersionW@@YGPAEGEPAIG~U
?AddSemaphoreOriginal@@YGPAEF~U
?OnFolderPathExA@@YGHIPAM~U
?OnDialogOriginal@@YGPAXG~U
?HideCharEx@@YGPAGG~U
?ModifyProviderNew@@YGHKDMPAJ~U
?ValidateComponentOriginal@@YG_NGKIH~U

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

477926afcd5221b21f6c9dec9d5ff856

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 468B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 724B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 468B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 724B