16a1c266ff511026883f1330677ecd25_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16a1c266ff511026883f1330677ecd25_JaffaCakes118
Size

365KB
MD5

16a1c266ff511026883f1330677ecd25
SHA1

4e881db11efa10441425f4cbbc5659b737bbcefb
SHA256

7758fe3634db18f178d8370d27dd8e261f4b9548bc054868812e0fc4a0d2172e
SHA512

dd577977e168f43de1787f34c78fe8f8daca31531df13dc2b636b921ce659c891809332113559ecebd63a4e8c05e1b8f1f62e4afd1172be7e204f85ad108b096
SSDEEP

6144:nZsoh3xEJoYL4WjO8Pe8F7EHkunkKr/DvsI9021VuhuVRPTeiN2d/LQNba3oA:uoNGqYL4ooHtfvLn2u/E/5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16a1c266ff511026883f1330677ecd25_JaffaCakes118

Files

16a1c266ff511026883f1330677ecd25_JaffaCakes118
.sys windows:5 windows x86 arch:x86

0241e8f79cf9775976afb55ff5543b27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tcpip.pdb

Imports

ntoskrnl.exe

MmLockPagableSectionByHandle
_wcsicmp
wcscpy
wcsncpy
wcschr
RtlAppendUnicodeToString
RtlExtendedMagicDivide
ExLocalTimeToSystemTime
RtlTimeToTimeFields
RtlIpv4StringToAddressW
RtlUnicodeStringToInteger
ZwEnumerateValueKey
KeReadStateEvent
KeReleaseMutex
MmIsThisAnNtAsSystem
KeInitializeMutex
IoRaiseInformationalHardError
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
InterlockedPopEntrySList
InterlockedPushEntrySList
ZwQueryValueKey
ZwSetValueKey
ExIsProcessorFeaturePresent
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
RtlMapGenericMask
IoGetFileObjectGenericMapping
ObReleaseObjectSecurity
SeSetSecurityDescriptorInfo
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ObGetObjectSecurity
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlAddAce
RtlGetAce
MmLockPagableDataSection
RtlInitializeSid
RtlLengthRequiredSid
ObSetSecurityObjectByPointer
RtlSelfRelativeToAbsoluteSD
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlVerifyVersionInfo
VerSetConditionMask
IoWMIRegistrationControl
IoGetCurrentProcess
KeInitializeTimerEx
RtlExtendedIntegerMultiply
KeQueryInterruptTime
_aulldiv
DbgBreakPoint
KeSetTargetProcessorDpc
RtlSetBit
SeUnlockSubjectContext
SeAccessCheck
SeLockSubjectContext
ObDereferenceSecurityDescriptor
PsGetCurrentProcessId
RtlWalkFrameChain
_aulldvrm
ExNotifyCallback
ExCreateCallback
ObReferenceObjectByHandle
MmUnlockPages
SeFreePrivileges
SeAppendPrivileges
ObLogSecurityDescriptor
SeAssignSecurity
IoFileObjectType
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
ProbeForWrite
ObfReferenceObject
PsGetCurrentProcess
RtlPrefetchMemoryNonTemporal
ExInitializeNPagedLookasideList
KeInitializeDpc
KeInitializeTimer
KeSetTimerEx
ZwClose
IoCreateDevice
IoDeleteDevice
ZwOpenKey
KeDelayExecutionThread
KeWaitForSingleObject
ExDeleteNPagedLookasideList
MmUnlockPagableImageSection
RtlInitUnicodeString
IoCreateSymbolicLink
IoDeleteSymbolicLink
KeSetEvent
KeQueryTimeIncrement
KeEnterCriticalRegion
KeLeaveCriticalRegion
ZwSetInformationThread
KeQuerySystemTime
_allmul
_alldiv
MmQuerySystemSize
ExfInterlockedInsertTailList
RtlCompareUnicodeString
RtlInitializeBitMap
RtlClearAllBits
RtlSetBits
wcslen
RtlCompareMemory
RtlAreBitsSet
RtlClearBits
RtlFindClearBitsAndSet
RtlFindClearRuns
KeCancelTimer
KeClearEvent
DbgPrint
memmove
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
ZwLoadDriver
KeResetEvent
MmMapLockedPages
KeInitializeSpinLock
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
IofCompleteRequest
KeInitializeEvent
ExfInterlockedAddUlong
ExAllocatePoolWithTag
MmMapLockedPagesSpecifyCache
IoFreeMdl
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeNumberProcessors
ExFreePoolWithTag
ExAllocatePoolWithTagPriority
KeBugCheckEx
RtlSubAuthoritySid
KeTickCount
MmBuildMdlForNonPagedPool
ZwDeviceIoControlFile
ZwCreateFile

hal

KfLowerIrql
KfRaiseIrql
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KeQueryPerformanceCounter
ExAcquireFastMutex
ExReleaseFastMutex

ndis.sys

NdisUnchainBufferAtFront
NdisAllocateBuffer
NdisFreePacket
NdisAllocatePacket
NdisSetPacketPoolProtocolId
NdisAllocatePacketPoolEx
NdisReturnPackets
NdisCompleteBindAdapter
NdisReEnumerateProtocolBindings
NdisFreeBufferPool
NdisFreePacketPool
NdisAllocateBufferPool
NdisCompletePnPEvent
NdisCloseAdapter
NdisCancelSendPackets
NdisRequest
NdisFreeMemory
NdisQueryAdapterInstanceName
NdisCopyBuffer
NdisRegisterProtocol
NdisGetReceivedPacket
NdisOpenAdapter
NdisGetDriverHandle

tdi.sys

CTESignal
CTESystemUpTime
CTEScheduleDelayedEvent
CTEInitEvent
CTEStartTimer
CTEInitTimer
CTEBlock
TdiProviderReady
CTEInitialize
TdiDeregisterNetAddress
TdiRegisterNetAddress
TdiDeregisterDeviceObject
CTEBlockWithTracker
CTELogEvent
TdiRegisterDeviceObject
TdiCopyMdlChainToMdlChain
TdiPnPPowerRequest
TdiDeregisterProvider
TdiRegisterProvider
TdiInitialize
TdiDeregisterPnPHandlers
TdiRegisterPnPHandlers
CTEScheduleEvent
TdiCopyBufferToMdl
CTERemoveBlockTracker
CTEInsertBlockTracker
TdiMapUserRequest
TdiCopyBufferToMdlWithReservedMappingAtDpcLevel

Exports

Exports

FreeIprBuff
GetIFAndLink
IPAddInterface
IPAllocBuff
IPDelInterface
IPDelayedNdisReEnumerateBindings
IPDeregisterARP
IPDisableSniffer
IPEnableSniffer
IPFreeBuff
IPGetAddrType
IPGetBestInterface
IPGetInfo
IPInjectPkt
IPProxyNdisRequest
IPRegisterARP
IPRegisterProtocol
IPSetIPSecStatus
IPTransmit
LookupRoute
LookupRouteInformation
LookupRouteInformationWithBuffer
SendICMPErr
SetIPSecPtr
UnSetIPSecPtr
UnSetIPSecSendPtr
tcpxsum

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEIPMc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGELK
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 768B - Virtual size: 747B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0241e8f79cf9775976afb55ff5543b27

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

tdi.sys

Exports

Exports

Sections

.text Size: 250KB - Virtual size: 250KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 41KB - Virtual size: 41KB

PAGE Size: 7KB - Virtual size: 7KB

PAGEIPMc Size: 10KB - Virtual size: 9KB

PAGELK Size: 1KB - Virtual size: 1KB

.edata Size: 768B - Virtual size: 747B

INIT Size: 22KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 250KB - Virtual size: 250KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 41KB - Virtual size: 41KB

PAGE
Size: 7KB - Virtual size: 7KB

PAGEIPMc
Size: 10KB - Virtual size: 9KB

PAGELK
Size: 1KB - Virtual size: 1KB

.edata
Size: 768B - Virtual size: 747B

INIT
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 28KB - Virtual size: 28KB