15e2ae4e0b6c87f15423265d11ec00a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15e2ae4e0b6c87f15423265d11ec00a0_JaffaCakes118
Size

331KB
MD5

15e2ae4e0b6c87f15423265d11ec00a0
SHA1

08691e3bc3c5933feabb51475a7ed7c12b21cb9c
SHA256

6a5094d62db57245aa1e7d3403c244de7d8987586f7920aef08126be86e4e018
SHA512

c45621a1f8aac12dcb3b919bb9b1caf21ae525b677a6dd3a0d5e9ec50e73c5bad3cea81e52596aeae9b7d7450360f84e34c14f71cfcd9da72c9b4dd2b0345568
SSDEEP

6144:VJVibXM9dIuLj5la/n/jtglEoa4vHg+u83lyn1q+/jst8KHfjIckkQYdWihh19:LVXIu3a6lZa4fg+e1q+/4ttHfjIc7Qk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15e2ae4e0b6c87f15423265d11ec00a0_JaffaCakes118

Files

15e2ae4e0b6c87f15423265d11ec00a0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

90275a75a7c15e228614ea03d77520bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\mgcgDquoAjetMi\ayqpzSntemu\qajfLpd\igDbOhbwvNfVUO\Mforcyjp.pdb

Imports

ntoskrnl.exe

RtlEqualString
RtlUpcaseUnicodeChar
MmUnmapReservedMapping
ZwDeleteValueKey
IoGetDeviceInterfaceAlias
KeLeaveCriticalRegion
KeQueryActiveProcessors
IoGetBootDiskInformation
CcMdlReadComplete
KeGetCurrentThread
MmSizeOfMdl
KeQueryInterruptTime
CcCanIWrite
ZwFlushKey
KeRegisterBugCheckCallback
PsGetCurrentProcess
IoCreateStreamFileObjectLite
RtlDelete
MmMapLockedPages
RtlUnicodeStringToAnsiString
RtlNtStatusToDosError
KeRestoreFloatingPointState
KeInitializeDeviceQueue
RtlAddAccessAllowedAce
IoSetStartIoAttributes
RtlOemStringToUnicodeString
FsRtlLookupLastLargeMcbEntry
RtlInitializeUnicodePrefix
MmQuerySystemSize
KePulseEvent
KeStackAttachProcess
ExNotifyCallback
SeSinglePrivilegeCheck
ObOpenObjectByPointer
ExReinitializeResourceLite
RtlQueryRegistryValues
KeRemoveQueue
IoIsOperationSynchronous
ZwOpenSection
IoFreeErrorLogEntry
KeQuerySystemTime
RtlAnsiStringToUnicodeString
IoGetDeviceAttachmentBaseRef
SeReleaseSubjectContext
PsGetProcessExitTime
ObfDereferenceObject
MmBuildMdlForNonPagedPool
ZwQueryKey
IoDetachDevice
SeValidSecurityDescriptor
MmAllocateMappingAddress
CcPreparePinWrite
FsRtlDeregisterUncProvider
KeDelayExecutionThread
PsReturnPoolQuota
MmIsDriverVerifying
SeTokenIsRestricted
SeDeassignSecurity
SeAppendPrivileges
IoWriteErrorLogEntry
SeFreePrivileges
CcCopyWrite
RtlFindUnicodePrefix
RtlCopySid
MmAdvanceMdl
IoAcquireVpbSpinLock
ZwCreateDirectoryObject
KeRemoveQueueDpc
MmIsVerifierEnabled
SeCaptureSubjectContext
IoCreateStreamFileObject
RtlCopyString
ZwMapViewOfSection
IoQueryFileDosDeviceName
ExFreePool
RtlTimeFieldsToTime
RtlRandom
ZwWriteFile
IoWMIWriteEvent
RtlStringFromGUID
CcUninitializeCacheMap
ZwDeviceIoControlFile
RtlSecondsSince1970ToTime
RtlMapGenericMask
ZwEnumerateValueKey
FsRtlIsNameInExpression
RtlInitAnsiString
IoBuildPartialMdl
FsRtlNotifyUninitializeSync
CcFastCopyRead
RtlMultiByteToUnicodeN
SeQueryAuthenticationIdToken
SePrivilegeCheck
IoAcquireCancelSpinLock
RtlTimeToTimeFields
PsIsThreadTerminating
ExAllocatePoolWithQuotaTag
ZwOpenKey
RtlCreateAcl
SeAssignSecurity
CcFastCopyWrite
ExIsProcessorFeaturePresent
ZwFsControlFile
KeSetKernelStackSwapEnable
CcIsThereDirtyData
PsLookupProcessByProcessId
PoCallDriver
KeFlushQueuedDpcs
IoWritePartitionTableEx
ZwSetValueKey
FsRtlFastCheckLockForRead
SeAccessCheck
RtlUpcaseUnicodeToOemN
KeInitializeTimerEx
RtlFreeAnsiString
ExInitializeResourceLite
CcUnpinRepinnedBcb
CcInitializeCacheMap
RtlSetBits
ZwOpenProcess
PsDereferencePrimaryToken
IoGetStackLimits
CcUnpinData
CcPinMappedData
ExDeleteNPagedLookasideList
RtlAreBitsSet
KdDisableDebugger
RtlIntegerToUnicodeString
IoDeleteController
IoAllocateAdapterChannel
IoSetPartitionInformationEx
IoReleaseRemoveLockEx
ExLocalTimeToSystemTime
FsRtlFreeFileLock
KeClearEvent
ObGetObjectSecurity
KeInitializeSpinLock
ExRaiseAccessViolation
ExAllocatePoolWithQuota
PoUnregisterSystemState
KeReleaseSemaphore
IoSetPartitionInformation
IoGetLowerDeviceObject
IoAcquireRemoveLockEx
KeInsertDeviceQueue
ZwSetVolumeInformationFile
PsCreateSystemThread
ExSetTimerResolution
RtlFillMemoryUlong
FsRtlCheckLockForReadAccess
IoReuseIrp
MmLockPagableDataSection
IoUnregisterFileSystem
CcRemapBcb
IoCheckQuotaBufferValidity
CcSetBcbOwnerPointer
KeInitializeDpc
MmAllocateContiguousMemory
PsLookupThreadByThreadId
FsRtlFastUnlockSingle
IoSetDeviceToVerify
DbgPrompt
ExReleaseFastMutexUnsafe
RtlFindMostSignificantBit
KeRevertToUserAffinityThread
IoCancelIrp
IoDeleteDevice
ZwAllocateVirtualMemory
RtlAppendStringToString
ZwQueryValueKey
KeBugCheck
WmiQueryTraceInformation
KeDetachProcess
ExAcquireResourceSharedLite
IoInitializeIrp
MmIsAddressValid
RtlDeleteElementGenericTable
IoRemoveShareAccess
ExDeleteResourceLite
KeSetTimer
RtlInitializeSid
IoGetTopLevelIrp
PoRegisterSystemState
RtlAppendUnicodeToString
KeInsertHeadQueue
RtlValidSecurityDescriptor
IoReportDetectedDevice
IoGetDmaAdapter
MmFreeContiguousMemory
ZwFreeVirtualMemory
IoSetThreadHardErrorMode
PsSetLoadImageNotifyRoutine
MmCanFileBeTruncated
ObReferenceObjectByHandle
ObReferenceObjectByPointer
FsRtlIsHpfsDbcsLegal
KeReadStateEvent
KeSynchronizeExecution
RtlFindClearBitsAndSet
IoReadDiskSignature
CcSetReadAheadGranularity
ExRegisterCallback
FsRtlGetNextFileLock
SeFilterToken
IoGetRequestorProcessId
ZwSetSecurityObject
SeCreateClientSecurity
PsGetThreadProcessId
ZwQueryObject
IoGetAttachedDevice
RtlHashUnicodeString
MmGetSystemRoutineAddress
RtlCreateRegistryKey
IoCheckEaBufferValidity
IoIsSystemThread
RtlAreBitsClear
IoGetDiskDeviceObject
RtlFindClearRuns
RtlIsNameLegalDOS8Dot3
SeUnlockSubjectContext
ExAllocatePool
ZwCreateFile
KeBugCheckEx
FsRtlMdlWriteCompleteDev
ZwCreateKey
IoDisconnectInterrupt
PsGetProcessId
IoAllocateController
RtlCopyUnicodeString
RtlCompareMemory
RtlDeleteNoSplay
MmFreeNonCachedMemory
ObQueryNameString
KeInsertQueueDpc
FsRtlAllocateFileLock
IoThreadToProcess
RtlInitializeBitMap
IoSetDeviceInterfaceState
IoInvalidateDeviceRelations
MmAllocateNonCachedMemory
ZwLoadDriver
RtlDowncaseUnicodeString
IoStopTimer
KefAcquireSpinLockAtDpcLevel
ExGetPreviousMode
ExGetExclusiveWaiterCount
IoCsqRemoveIrp
SeOpenObjectAuditAlarm
ZwClose
KeInitializeApc
IoEnumerateDeviceObjectList
RtlClearAllBits
RtlEqualUnicodeString
KeDeregisterBugCheckCallback
PsRevertToSelf
ZwEnumerateKey
IoAllocateIrp
FsRtlNotifyInitializeSync

Exports

Exports

?RtlValueExA@@YGPAIHPADE]A
?DecrementFolderA@@YGXPAHK]A
?CrtAnchorOriginal@@YGPAGJ]A
?CrtStateEx@@YGNIPAJF]A
?PutCharEx@@YGPAIPANPAKJ]A
?GetSection@@YGGNG]A
?GlobalOptionExA@@YGI_N]A
?ShowMonitorOriginal@@YGPAGH]A
?ClosePenOld@@YGDK]A
?DeleteMessageW@@YGXPAIPAK]A
?PutMutantA@@YGFJPAH]A
?HideAnchorOld@@YGJ_NK]A
?IsNotListItemOld@@YGXPAI_NHG]A
?EnumWindowEx@@YGHPAHGPAKF]A
?OnName@@YG_NDNPAH]A
?SetDataA@@YGEM]A
?InsertHeaderEx@@YGFPAM]A
?DeleteMonitorExA@@YGPAIDPAFGD]A
?GenerateFullNameOld@@YGDPAFPAJ]A
?EnumSemaphoreW@@YGPAXF_N]A
?OnAppNameEx@@YGXPAK_N]A
?HideProviderEx@@YGPADMM]A
?IsNotDateTimeEx@@YGJPAGPAJ]A
?RemoveAppNameExW@@YGFPAHIPAK]A
?FormatWindowA@@YGPADDPAG]A
?CrtSectionOriginal@@YGPAEGDPAF]A
?LoadFullName@@YGPAIKH]A
?HideHeight@@YG_NPAJPAJM]A
?ShowSectionEx@@YGPA_NDPAJMJ]A
?IsTextA@@YGMPAKEDK]A
?EnumKeyNameOriginal@@YGPAIJ]A
?ValidateProcessA@@YGMM]A

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 341B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90275a75a7c15e228614ea03d77520bc

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 341B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 696B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 341B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 696B