1a9e920d7e0e869755e6456ccebb1c9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a9e920d7e0e869755e6456ccebb1c9c_JaffaCakes118
Size

73KB
MD5

1a9e920d7e0e869755e6456ccebb1c9c
SHA1

d2402306aa034b27fd87ee750d731f3bdc114533
SHA256

212f591c4f2eb93e093a7f8a62186ca7c0eba9c7a3617587fe532135ac41f479
SHA512

355baa4880b22622ac6dc4a6c3b5a1fded95edfaaee30659283e9c162bab57fffda1e2b9e9d2b0696d9b641143fb71b9a32527272ad11533636f6ea0e6337659
SSDEEP

768:dycmBH1/esHHgf1jdnWDWSgs7NBlgWMX3Mi2eYPkJ7y6KhNCMGq12xb4:dmWCA9jMTPrc3SkJ7TKL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a9e920d7e0e869755e6456ccebb1c9c_JaffaCakes118

Files

1a9e920d7e0e869755e6456ccebb1c9c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a9c0486eb704e142b27e1160fdbb35c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\VzyznmR\JKjekntUhlwdjg\wlooAiodDzWmh.pdb

Imports

ntoskrnl.exe

KeRemoveDeviceQueue
RtlAppendStringToString
KeRemoveByKeyDeviceQueue
RtlClearBits
RtlSetBits
SeAccessCheck
RtlFindSetBits
ZwDeviceIoControlFile
RtlNtStatusToDosError
IoQueueWorkItem
KdDisableDebugger
IoAllocateWorkItem
KeFlushQueuedDpcs
KeCancelTimer
IoInitializeIrp
ObReferenceObjectByHandle
RtlUnicodeStringToInteger
PoStartNextPowerIrp
RtlAreBitsClear
KeLeaveCriticalRegion
RtlCompareString
SeDeassignSecurity
KeRemoveQueue
RtlInitializeGenericTable
KeBugCheck
RtlxUnicodeStringToAnsiSize
ExIsProcessorFeaturePresent
FsRtlIsDbcsInExpression
KePulseEvent
MmIsAddressValid
FsRtlIsFatDbcsLegal
MmUnsecureVirtualMemory
PsGetCurrentProcessId
RtlInsertUnicodePrefix
ExNotifyCallback
IoFreeMdl
IoGetDriverObjectExtension
IoStartNextPacket
ExCreateCallback
ExDeleteNPagedLookasideList
IoIsWdmVersionAvailable
ZwFreeVirtualMemory
IoSetShareAccess
KeSetPriorityThread
IoFreeIrp
MmForceSectionClosed
ObReferenceObjectByPointer
KeWaitForMultipleObjects
DbgBreakPointWithStatus
IoAllocateIrp
ExAllocatePoolWithQuotaTag
RtlCopyLuid
IoDeleteSymbolicLink
RtlValidSecurityDescriptor
PsGetCurrentProcess
ExSetTimerResolution
RtlTimeToSecondsSince1980
RtlUpcaseUnicodeString
ZwFsControlFile
KeClearEvent
IoGetStackLimits
SeQueryInformationToken
IoRaiseHardError
RtlGetVersion
ExSystemTimeToLocalTime
KeInitializeMutex
IoGetBootDiskInformation
RtlMultiByteToUnicodeN
RtlCreateUnicodeString
ZwMapViewOfSection
IoCreateStreamFileObjectLite
ExUnregisterCallback
ExUuidCreate
KeInitializeTimer
KeEnterCriticalRegion
IoMakeAssociatedIrp
RtlSubAuthoritySid
ObCreateObject
MmMapLockedPagesSpecifyCache
IoCreateNotificationEvent
IoReportResourceForDetection
MmUnmapLockedPages
PsDereferencePrimaryToken
IoStartPacket
RtlInitUnicodeString
RtlTimeToTimeFields
SeValidSecurityDescriptor
KdEnableDebugger
PsIsThreadTerminating
IoDeleteDevice
PoCallDriver
ExRaiseDatatypeMisalignment
KeStackAttachProcess
IoReleaseCancelSpinLock
KeInsertQueueDpc
RtlOemStringToUnicodeString
SeCreateClientSecurity
RtlUpcaseUnicodeToOemN
ZwCreateSection
ExAllocatePoolWithTag
RtlUpperChar
CcSetBcbOwnerPointer
IoIsSystemThread
IoRequestDeviceEject
IoDeleteController
KeSaveFloatingPointState
KeReadStateMutex
FsRtlMdlWriteCompleteDev
RtlCreateSecurityDescriptor
ZwQueryObject
MmAllocateContiguousMemory
RtlFillMemoryUlong
ProbeForWrite
FsRtlGetNextFileLock
SeQueryAuthenticationIdToken
PoSetPowerState
KeQuerySystemTime
KeInitializeEvent
FsRtlNotifyInitializeSync
MmSetAddressRangeModified
RtlAnsiStringToUnicodeString
RtlGetNextRange
MmAllocateNonCachedMemory
IoCheckEaBufferValidity
MmLockPagableSectionByHandle
KeRemoveQueueDpc
IoSetDeviceInterfaceState
ZwCreateDirectoryObject
SeTokenIsRestricted
KeInsertHeadQueue
KeSetEvent
RtlSecondsSince1980ToTime
IoGetRelatedDeviceObject
SeAssignSecurity
FsRtlFastCheckLockForRead
SeCaptureSubjectContext
PsGetVersion
RtlSetAllBits
KeInitializeTimerEx
IoGetDeviceInterfaceAlias
CcPreparePinWrite
FsRtlLookupLastLargeMcbEntry
ExGetSharedWaiterCount
IoCreateFile
IoWriteErrorLogEntry
KeInsertDeviceQueue
RtlFindUnicodePrefix
FsRtlFreeFileLock
KeInitializeQueue
FsRtlDeregisterUncProvider
IoGetDmaAdapter
ExRaiseAccessViolation
ExRaiseStatus
IoSetThreadHardErrorMode
KeRemoveEntryDeviceQueue
KeInitializeDeviceQueue
MmQuerySystemSize
RtlStringFromGUID
CcUnpinDataForThread
CcDeferWrite
ZwOpenSection
RtlEnumerateGenericTable
KeSetImportanceDpc
IoAcquireCancelSpinLock
MmResetDriverPaging
IoCheckQuotaBufferValidity
ExLocalTimeToSystemTime
ZwDeleteValueKey
PsSetLoadImageNotifyRoutine
FsRtlCheckOplock
CcFastMdlReadWait
RtlTimeFieldsToTime
PsLookupThreadByThreadId
KeInitializeApc
FsRtlSplitLargeMcb
ExGetPreviousMode
RtlRandom
IoSetSystemPartition
MmIsDriverVerifying
RtlFindClearRuns
RtlSetDaclSecurityDescriptor
CcIsThereDirtyData
RtlDowncaseUnicodeString
IoGetAttachedDevice
IoSetHardErrorOrVerifyDevice
KeRundownQueue
RtlFindMostSignificantBit
ZwMakeTemporaryObject
RtlCharToInteger
KeInitializeSemaphore
PsGetCurrentThread
KeResetEvent
RtlFindClearBitsAndSet
IoReportDetectedDevice
IoUpdateShareAccess
KeSetBasePriorityThread
RtlInitString
IoDetachDevice
ExVerifySuite
MmPageEntireDriver
RtlHashUnicodeString
ZwEnumerateValueKey
KeQueryInterruptTime
ZwOpenKey
RtlUnicodeStringToAnsiString
RtlCompareUnicodeString
ExInitializeResourceLite
IoInvalidateDeviceRelations
MmGetPhysicalAddress
IoFreeWorkItem
RtlClearAllBits
RtlFindLeastSignificantBit
MmMapIoSpace
CcFastCopyWrite
RtlCopyUnicodeString
IoCancelIrp
RtlUnicodeToMultiByteN
IoStopTimer
ExDeleteResourceLite
RtlInitializeBitMap
KeDeregisterBugCheckCallback
IoBuildPartialMdl
IoOpenDeviceRegistryKey
ZwCreateFile
PsCreateSystemThread
KeQueryActiveProcessors
MmCanFileBeTruncated
ExSetResourceOwnerPointer
KeRegisterBugCheckCallback
RtlRemoveUnicodePrefix
CcCopyWrite
ZwClose
RtlTimeToSecondsSince1970
MmUnmapIoSpace
MmSecureVirtualMemory
RtlSecondsSince1970ToTime
ZwAllocateVirtualMemory
RtlInitAnsiString
SeSinglePrivilegeCheck
RtlUnicodeToOemN
IoDisconnectInterrupt
IoInitializeTimer
ObGetObjectSecurity
SeImpersonateClientEx
MmBuildMdlForNonPagedPool
CcCopyRead
RtlValidSid
PoRequestPowerIrp
ExAcquireResourceSharedLite
IoGetAttachedDeviceReference
RtlAreBitsSet
MmFreePagesFromMdl
FsRtlIsNameInExpression
ZwReadFile
ExFreePool
RtlFreeAnsiString
RtlAnsiCharToUnicodeChar
IoCreateSymbolicLink

Sections

.text
Size: 32KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9c0486eb704e142b27e1160fdbb35c7

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 32KB - Virtual size: 35KB

.i_txt Size: 1KB - Virtual size: 1KB

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 512B - Virtual size: 486B

.data Size: 23KB - Virtual size: 56KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 632B

.text
Size: 32KB - Virtual size: 35KB

.i_txt
Size: 1KB - Virtual size: 1KB

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 512B - Virtual size: 486B

.data
Size: 23KB - Virtual size: 56KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 632B