15c4fb6feaf945aa325e367f033d8f58_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15c4fb6feaf945aa325e367f033d8f58_JaffaCakes118
Size

36KB
MD5

15c4fb6feaf945aa325e367f033d8f58
SHA1

b214ab1881f9eff25c95395a9e074ca8913333d0
SHA256

caa824d95fe52352c020068098ebf047172efce107ac8bb3c47ddf773ddb89e7
SHA512

bad4596ba67f3b7452529e773ba5beec692cc50f43d3781ab3f916e9e0ccba013324f16765f09daa3fa6fe72acb87b1131e118700ab3359199720561432c3e0c
SSDEEP

768:yrSAN175cLxijFlMwbjlBCdgrzP3FBWc9UMu4w:aD/NcqFlMorhBWSy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15c4fb6feaf945aa325e367f033d8f58_JaffaCakes118

Files

15c4fb6feaf945aa325e367f033d8f58_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a47dec7172d25e5244c9bdc552310b67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\uKdgGdQBqyQcwZ\MFxygbsIIkr\hhQRnsiZrdxxf.pdb

Imports

ntoskrnl.exe

ZwOpenProcess
MmSecureVirtualMemory
ExFreePool
RtlInitializeBitMap
IoBuildSynchronousFsdRequest
IoRemoveShareAccess
IoAllocateErrorLogEntry
KeLeaveCriticalRegion
ExAcquireFastMutexUnsafe
PsLookupThreadByThreadId
ZwOpenSection
ExRaiseStatus
KeQueryActiveProcessors
IoRegisterDeviceInterface
RtlGetVersion
RtlUnicodeStringToInteger
SeQueryAuthenticationIdToken
RtlValidSid
IoCreateDevice
FsRtlAllocateFileLock
IoReleaseCancelSpinLock
RtlCompareString
ObReferenceObjectByPointer
IoRaiseHardError
IoGetAttachedDevice
SeQueryInformationToken
RtlAppendUnicodeToString
IoFreeIrp
RtlLengthRequiredSid
PsGetCurrentProcessId
ZwReadFile
RtlUnicodeToOemN
IoCreateStreamFileObjectLite
MmAllocateContiguousMemory
RtlTimeFieldsToTime
IoIsSystemThread
IoCreateSynchronizationEvent
RtlInsertUnicodePrefix
IoAcquireCancelSpinLock
RtlSetAllBits
KeQueryInterruptTime
IoGetRequestorProcessId
PsGetCurrentThread
MmUnsecureVirtualMemory
IoStartNextPacket
ExNotifyCallback
MmIsDriverVerifying
PoCallDriver
SeCaptureSubjectContext
IoCheckEaBufferValidity
SeSinglePrivilegeCheck
RtlPrefixUnicodeString
ZwClose
FsRtlNotifyInitializeSync
RtlVerifyVersionInfo
RtlUpcaseUnicodeToOemN
KeSetTimerEx
IoFreeWorkItem
KeSetTargetProcessorDpc
KeSetKernelStackSwapEnable
ZwFlushKey
KeWaitForSingleObject
FsRtlFastUnlockSingle
ExUuidCreate
RtlFindNextForwardRunClear
IoGetDeviceInterfaces
ExRaiseAccessViolation
RtlGetNextRange
KeInitializeMutex
RtlFindClearRuns
FsRtlGetNextFileLock
CcFastCopyWrite
IoSetThreadHardErrorMode
PsGetCurrentThreadId
KeInitializeDeviceQueue
IoCreateNotificationEvent
SeCreateClientSecurity
MmBuildMdlForNonPagedPool
ExGetPreviousMode
IoWMIRegistrationControl
KeInsertDeviceQueue
ZwQueryVolumeInformationFile
MmCanFileBeTruncated
RtlInitializeGenericTable
KeStackAttachProcess
ObCreateObject
RtlNtStatusToDosError
RtlSecondsSince1980ToTime
RtlLengthSecurityDescriptor
IoStopTimer
ExIsProcessorFeaturePresent
MmAllocateNonCachedMemory
IoCheckShareAccess
ExReleaseResourceLite
SeValidSecurityDescriptor
IoQueueWorkItem
IoStartPacket
ZwDeleteKey
FsRtlIsTotalDeviceFailure
KeQueryTimeIncrement
ObReferenceObjectByHandle
ZwQueryValueKey
PsCreateSystemThread
FsRtlDeregisterUncProvider
RtlUpcaseUnicodeChar
ExInitializeResourceLite
PsTerminateSystemThread
IoSetSystemPartition
RtlAppendStringToString
KeInsertByKeyDeviceQueue
RtlFindClearBitsAndSet
IoWriteErrorLogEntry
KeDeregisterBugCheckCallback
ZwQuerySymbolicLinkObject
RtlInitializeSid
RtlEqualSid
KeSetEvent
CcUnpinDataForThread
CcPreparePinWrite
KeSetTimer
RtlEqualString
RtlCreateRegistryKey
RtlFindLastBackwardRunClear
PsIsThreadTerminating
MmProbeAndLockPages
RtlUpperString
ZwOpenKey
RtlInitAnsiString
RtlSetBits
MmLockPagableDataSection
RtlCompareUnicodeString
KeRestoreFloatingPointState
ExDeletePagedLookasideList
ExFreePoolWithTag
RtlEnumerateGenericTable
FsRtlMdlWriteCompleteDev
FsRtlCheckLockForWriteAccess
IoGetStackLimits
ExUnregisterCallback
RtlUpcaseUnicodeString
MmMapIoSpace
FsRtlFreeFileLock
IoGetDriverObjectExtension
KeEnterCriticalRegion
IoReuseIrp
KeRemoveEntryDeviceQueue
ExAcquireResourceSharedLite
RtlInitializeUnicodePrefix
FsRtlFastCheckLockForRead
PsGetVersion
RtlFillMemoryUlong
IoInitializeTimer
ZwCreateSection
RtlFindClearBits
CcFastMdlReadWait
RtlFindLongestRunClear
RtlInitUnicodeString
IoDeleteDevice
IoDisconnectInterrupt
SeImpersonateClientEx
KeRemoveByKeyDeviceQueue
RtlCharToInteger
MmQuerySystemSize
IoGetRelatedDeviceObject
RtlAreBitsSet
KeInitializeSemaphore
IoGetDeviceProperty
MmFreeNonCachedMemory
IoAllocateController
KdEnableDebugger
IoCancelIrp
IoSetDeviceInterfaceState
KeInsertHeadQueue
FsRtlLookupLastLargeMcbEntry
PsGetCurrentProcess
RtlMultiByteToUnicodeN
KeRemoveQueue
IoCreateFile
DbgBreakPointWithStatus
CcIsThereDirtyData
IoReportDetectedDevice
MmUnlockPagableImageSection
RtlFreeAnsiString
KeBugCheck
RtlCopySid
CcCopyRead
CcFastCopyRead
CcDeferWrite
ExLocalTimeToSystemTime
IoSetShareAccess
RtlAnsiStringToUnicodeString
ProbeForWrite
ExRaiseDatatypeMisalignment
RtlDowncaseUnicodeString
KeReleaseMutex
KeInsertQueueDpc
KeGetCurrentThread
KeInitializeQueue
ZwAllocateVirtualMemory
FsRtlIsNameInExpression
ZwEnumerateValueKey
RtlEqualUnicodeString
RtlCopyString
IoConnectInterrupt
FsRtlIsHpfsDbcsLegal
RtlClearBits
SeDeassignSecurity
IoSetHardErrorOrVerifyDevice
KeSaveFloatingPointState
SeOpenObjectAuditAlarm
ExRegisterCallback
MmForceSectionClosed
IoFreeMdl
KeRegisterBugCheckCallback
IoDeviceObjectType
RtlTimeToTimeFields
IoDeleteController
RtlFindLeastSignificantBit
IoGetDeviceToVerify
ZwEnumerateKey
IoDetachDevice
IoGetCurrentProcess
MmSetAddressRangeModified
PoSetPowerState
IoInvalidateDeviceRelations
IoAllocateWorkItem
PsDereferencePrimaryToken
RtlFindSetBits
KeInitializeApc
RtlUpperChar
IoGetDeviceInterfaceAlias
KeReadStateTimer
ExReleaseFastMutexUnsafe
ZwCreateKey
ExDeleteNPagedLookasideList
FsRtlIsFatDbcsLegal
RtlInt64ToUnicodeString
MmSizeOfMdl
KeClearEvent
RtlInitString
KeInitializeTimerEx
ExAllocatePoolWithTag
MmUnmapIoSpace
RtlUnicodeToMultiByteN
RtlCopyUnicodeString
ExSystemTimeToLocalTime
IoAllocateIrp
FsRtlSplitLargeMcb
RtlCopyLuid
KeSetBasePriorityThread
RtlRemoveUnicodePrefix
IoOpenDeviceRegistryKey
KeReadStateMutex
KeRemoveDeviceQueue
IoReportResourceForDetection
ExSetResourceOwnerPointer
ProbeForRead

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.impt
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.expt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a47dec7172d25e5244c9bdc552310b67

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.impt Size: 7KB - Virtual size: 6KB

.expt Size: 512B - Virtual size: 512B

.data Size: 12KB - Virtual size: 42KB

.rdata Size: 1024B - Virtual size: 800B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 536B

.text
Size: 13KB - Virtual size: 13KB

.impt
Size: 7KB - Virtual size: 6KB

.expt
Size: 512B - Virtual size: 512B

.data
Size: 12KB - Virtual size: 42KB

.rdata
Size: 1024B - Virtual size: 800B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 536B