158621078e20a1b8eb842cb9bbeb7884_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

158621078e20a1b8eb842cb9bbeb7884_JaffaCakes118
Size

81KB
MD5

158621078e20a1b8eb842cb9bbeb7884
SHA1

97459d39212dacad329ac3f131463d1e5a2de5a4
SHA256

83c0fc67230626df0ce3d3d0b210cf49bcdada1744585dd1b9cc0367bced26d7
SHA512

50313400afcadaed8ae9fdf98758f6c787628c9e69cf0ed4cbe82d7fd8695cebf5f62aeba98049550411d860a54edb6e6dcde9f405bf74c9758aea2d37dc28c0
SSDEEP

1536:S7aDeznWGVa5qzeSnmba9ORt+jmL9mQJQD:kE3G05qiSnD9ORt+js4qQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
158621078e20a1b8eb842cb9bbeb7884_JaffaCakes118

Files

158621078e20a1b8eb842cb9bbeb7884_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7023b7aa3a99b9b6581e9103429d400f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\wxswhrxfl\iqyuTmnHEr\MhftexQfHumj\IbVXwrs\KxHXbYDwLc.pdb

Imports

ntoskrnl.exe

IoReleaseRemoveLockAndWaitEx
IoSetTopLevelIrp
KeSetImportanceDpc
DbgBreakPoint
KeReadStateSemaphore
RtlInitializeSid
IoCreateFile
IoWriteErrorLogEntry
KeInitializeSemaphore
KefAcquireSpinLockAtDpcLevel
HalExamineMBR
FsRtlAllocateFileLock
IoDisconnectInterrupt
KeSynchronizeExecution
IoReadDiskSignature
ZwQuerySymbolicLinkObject
KeClearEvent
ExAllocatePool
KeSetSystemAffinityThread
KeQuerySystemTime
PsGetVersion
RtlLengthSecurityDescriptor
RtlCreateSecurityDescriptor
IoRegisterDeviceInterface
KeAttachProcess
IoStartPacket
IoSetStartIoAttributes
MmIsAddressValid
KeQueryActiveProcessors
CcFastCopyWrite
RtlCheckRegistryKey
IoGetDeviceObjectPointer
IoDetachDevice
MmUnmapReservedMapping
KeSetKernelStackSwapEnable
RtlCreateRegistryKey
KeInitializeQueue
KeReadStateTimer
SeQueryAuthenticationIdToken
RtlGenerate8dot3Name
ZwMapViewOfSection
MmAllocateMappingAddress
IoInitializeRemoveLockEx
RtlFindNextForwardRunClear
RtlTimeToTimeFields
RtlUpcaseUnicodeToOemN
IoReleaseCancelSpinLock
ZwUnloadDriver
RtlStringFromGUID
RtlAnsiCharToUnicodeChar
RtlFindUnicodePrefix
MmUnsecureVirtualMemory
RtlIsNameLegalDOS8Dot3
RtlPrefixUnicodeString
ObfDereferenceObject
PsReturnPoolQuota
RtlUpperString
KeInitializeDeviceQueue
WmiQueryTraceInformation
KeRegisterBugCheckCallback
KeReleaseMutex
ZwNotifyChangeKey
CcIsThereDirtyData
IoRemoveShareAccess
IoInitializeIrp
MmMapLockedPagesSpecifyCache
FsRtlCheckLockForWriteAccess
ZwQueryInformationFile
RtlAddAccessAllowedAce
RtlUnicodeStringToOemString
MmGetPhysicalAddress
MmFreeContiguousMemory
MmFreeMappingAddress
ExInitializeResourceLite
KeInitializeSpinLock
IoVerifyVolume
IoCsqRemoveIrp
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlSetAllBits
IoGetLowerDeviceObject
ExDeleteResourceLite
FsRtlIsTotalDeviceFailure
RtlInitializeUnicodePrefix
ExAcquireFastMutexUnsafe
RtlCopyString
IoEnumerateDeviceObjectList
IoAllocateWorkItem
IoIsWdmVersionAvailable
ExUuidCreate
RtlFindMostSignificantBit
SeTokenIsAdmin
IoGetDmaAdapter
PsReferencePrimaryToken
SeReleaseSubjectContext
IoReportDetectedDevice
FsRtlCheckLockForReadAccess
ZwOpenSymbolicLinkObject
KeInsertByKeyDeviceQueue
KeWaitForMultipleObjects
ExRegisterCallback
IoGetRelatedDeviceObject
CcRepinBcb
IoStartTimer
IoAllocateErrorLogEntry
ExAllocatePoolWithTag
ZwDeleteValueKey
MmCanFileBeTruncated
IoSetSystemPartition
IoCreateDisk
RtlFindLastBackwardRunClear
IoUnregisterFileSystem
IoGetRequestorProcessId
IoReleaseVpbSpinLock
RtlxAnsiStringToUnicodeSize
IoGetAttachedDeviceReference
KeDelayExecutionThread
RtlDeleteNoSplay
MmAllocatePagesForMdl
IoOpenDeviceRegistryKey
MmMapUserAddressesToPage
VerSetConditionMask
IoDeviceObjectType
ExDeleteNPagedLookasideList
IoIsOperationSynchronous
IoCheckEaBufferValidity
IoQueryDeviceDescription
RtlEqualSid
RtlCreateUnicodeString
IoGetDriverObjectExtension
RtlUpperChar
ZwAllocateVirtualMemory
MmAdvanceMdl
ZwDeleteKey
MmUnmapIoSpace
MmHighestUserAddress
RtlInitUnicodeString
RtlMultiByteToUnicodeN
SeTokenIsRestricted
ExReleaseFastMutexUnsafe
MmLockPagableSectionByHandle
MmAddVerifierThunks
RtlFindLeastSignificantBit
SeImpersonateClientEx
IoRaiseHardError
RtlHashUnicodeString
ObMakeTemporaryObject
IoFreeIrp
RtlTimeFieldsToTime
CcMapData
ExSetResourceOwnerPointer
RtlGetCallersAddress
RtlIntegerToUnicodeString
IoGetDeviceProperty
MmQuerySystemSize
DbgBreakPointWithStatus
SeQueryInformationToken
CcDeferWrite
FsRtlNotifyUninitializeSync
CcMdlRead
ZwCreateDirectoryObject
KdEnableDebugger
IoGetBootDiskInformation
SeCaptureSubjectContext
KeRundownQueue
ZwCreateKey
IoQueryFileDosDeviceName
ObReferenceObjectByPointer
ExAllocatePoolWithQuotaTag
IoDeleteDevice
RtlMapGenericMask
KeInsertHeadQueue
IoInvalidateDeviceState
RtlTimeToSecondsSince1970
IoSetDeviceInterfaceState
RtlInitializeGenericTable
ZwFreeVirtualMemory
KeReadStateEvent
MmProbeAndLockProcessPages
RtlOemStringToUnicodeString
RtlVerifyVersionInfo
ObOpenObjectByPointer
MmFlushImageSection
CcUnpinDataForThread
ExReleaseResourceLite
RtlValidSecurityDescriptor
CcFastCopyRead
RtlCompareString
RtlGetVersion
RtlEqualUnicodeString
IoGetDeviceInterfaceAlias
ZwLoadDriver
ObReleaseObjectSecurity
PsGetCurrentProcess
RtlExtendedIntegerMultiply
CcPurgeCacheSection
MmMapIoSpace
IoAcquireVpbSpinLock
ZwCreateFile
RtlFreeAnsiString
PsGetProcessExitTime
IoReadPartitionTable
SeOpenObjectAuditAlarm
FsRtlIsFatDbcsLegal
PoSetSystemState
FsRtlIsHpfsDbcsLegal
MmIsVerifierEnabled
PsGetCurrentThread
ZwSetVolumeInformationFile
RtlFindClearBitsAndSet
IoSetPartitionInformation
MmUnlockPages
ObCreateObject
RtlSubAuthoritySid
RtlSetBits
MmFreeNonCachedMemory
ExRaiseAccessViolation
RtlGetNextRange
RtlEqualString
IoQueryFileInformation
RtlClearBits
ExReinitializeResourceLite
PsGetCurrentProcessId
KeSetTimer
ZwOpenProcess
IoCreateNotificationEvent
IoReportResourceForDetection
RtlFreeOemString
IoSetHardErrorOrVerifyDevice
IofCallDriver
RtlUnicodeToMultiByteN
ExSetTimerResolution
KeSetTimerEx
DbgPrompt
CcUnpinRepinnedBcb
ExAllocatePoolWithQuota
KeBugCheck
RtlValidSid
RtlCopyUnicodeString
ExGetExclusiveWaiterCount
CcSetBcbOwnerPointer
PsCreateSystemThread
MmProbeAndLockPages
FsRtlDeregisterUncProvider
ExAcquireResourceSharedLite
ExIsProcessorFeaturePresent
SeAppendPrivileges
FsRtlFreeFileLock
IoBuildPartialMdl
IoAllocateController
RtlOemToUnicodeN
ObReferenceObjectByHandle
SeSinglePrivilegeCheck
MmGetSystemRoutineAddress
MmMapLockedPages
RtlAppendStringToString
RtlFindClearRuns

Exports

Exports

?DecrementSizeNew@@YGIJ~U
?RemoveDeviceEx@@YGPANPAJ~U
?ValidateSystemExA@@YGKHPAN~U
?InstallSizeOld@@YGPAXEFJPAK~U
?GenerateFolderA@@YGPAKPANDPAGF~U
?DeleteFolderA@@YGFG~U
?DecrementWidthW@@YGPAXJDK~U
?InvalidateFilePathEx@@YGPAGPAKPAK~U
?PutFolderPathExA@@YGHPAHPAE~U
?CloseSystemOld@@YG_NKMH~U
?RemoveSizeOriginal@@YGGFPAKH~U
?IsNotStringW@@YGXEPAHPAD~U
?DeleteModuleW@@YGNDPAGH~U
?CallOptionEx@@YGDPAJFNJ~U
?IsNotWidth@@YGXM~U
?KillWindowInfoEx@@YGHDF~U
?CancelRectW@@YGJJME~U
?OnScreenExW@@YGGKPAIGPAD~U
?RtlStringOld@@YGNEIPAN~U
?RtlTextW@@YGPAXMPA_NGF~U
?InstallTaskW@@YGXNHGPAK~U
?GetConfigExA@@YGIMPAHGM~U
?ShowThreadNew@@YGDI~U
?CallDeviceEx@@YGKPAFG~U
?KillPenA@@YGMM~U
?FormatListItemOriginal@@YGFN~U
?ShowFunction@@YGJPAE~U
?GetWindowInfoOriginal@@YGPAEPAHPADM~U
?ValidateClassW@@YGXMIPA_NJ~U
?RtlAppNameEx@@YGXMKPAEE~U
?DeleteSizeEx@@YGPAMJPAD~U
?InsertSizeOld@@YGPAXPAHPAEGJ~U
?FindFolderNew@@YGPADDH~U
?DeleteAppNameOriginal@@YGPAIGPAHH~U
?RtlState@@YGPAIMPADH~U

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 309B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7023b7aa3a99b9b6581e9103429d400f

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 309B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 676B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 309B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 676B