1c2650a71bfab88183d28ca60ae345d5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1c2650a71bfab88183d28ca60ae345d5_JaffaCakes118
Size

135KB
MD5

1c2650a71bfab88183d28ca60ae345d5
SHA1

026c19f29b2e356c35ef52a3ae74da89895f3dda
SHA256

502d07c616cdd6fbff38594091eed06b4b1c9b3e3008420667383550f9c6bb35
SHA512

9af3778ec67177675e761dec68c4fecb856db615cec934da080c079a0f655079aef47754787631b40ea47d56e8d779811942f2edb5aff26543e4eaadab7c112e
SSDEEP

3072:SFt6+TbsrOWIG6NC2JibCkvLAHh/T6JciDmmUS00x6:SvbsQnJiXAHtjiDUI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c2650a71bfab88183d28ca60ae345d5_JaffaCakes118

Files

1c2650a71bfab88183d28ca60ae345d5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7fe96ce1314f05368790ec92277adb2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\UxQQGmmawwj\Xbspcjk\jtlrRDjhZ\wqqayfQEolb\LnmeIDhsHNC.pdb

Imports

ntoskrnl.exe

RtlCompareMemory
IoGetDeviceInterfaces
KeLeaveCriticalRegion
ObfReferenceObject
FsRtlNotifyUninitializeSync
PoSetSystemState
MmUnlockPages
CcPurgeCacheSection
IoGetDeviceProperty
ZwOpenKey
RtlLengthRequiredSid
IoCreateSynchronizationEvent
KeReadStateEvent
IoReleaseRemoveLockEx
IoReadPartitionTable
PsGetProcessExitTime
SeCaptureSubjectContext
ExUuidCreate
RtlRemoveUnicodePrefix
ZwQueryInformationFile
RtlTimeToSecondsSince1970
PsIsThreadTerminating
CcPinMappedData
KeSetEvent
CcPreparePinWrite
RtlCharToInteger
FsRtlCheckOplock
IoUnregisterFileSystem
RtlSplay
CcUninitializeCacheMap
ZwDeleteValueKey
IoUpdateShareAccess
ObInsertObject
KeSetTargetProcessorDpc
IoCreateNotificationEvent
RtlAddAccessAllowedAce
RtlTimeToSecondsSince1980
KeInitializeTimerEx
IoSetTopLevelIrp
CcSetFileSizes
PoCallDriver
IoVolumeDeviceToDosName
KeWaitForSingleObject
IoCreateStreamFileObjectLite
CcUnpinRepinnedBcb
RtlClearBits
DbgPrompt
IoWritePartitionTableEx
RtlAppendStringToString
IoCheckShareAccess
IoAcquireCancelSpinLock
ZwQueryKey
MmUnlockPagableImageSection
KeWaitForMultipleObjects
ZwFsControlFile
IoAllocateMdl
MmMapUserAddressesToPage
MmGetSystemRoutineAddress
IoOpenDeviceRegistryKey
PsGetVersion
RtlCreateUnicodeString
RtlDeleteRegistryValue
IoCreateSymbolicLink
RtlCopyString
ZwUnloadDriver
CcGetFileObjectFromBcb
KeSetImportanceDpc
RtlCopySid
RtlNtStatusToDosError
FsRtlCheckLockForWriteAccess
ExSetTimerResolution
CcMdlRead
IoCancelIrp
ExReinitializeResourceLite
ZwMakeTemporaryObject
IoReleaseVpbSpinLock
RtlSecondsSince1980ToTime
KeInitializeQueue
SeOpenObjectAuditAlarm
IoDetachDevice
IoGetAttachedDevice
IoInvalidateDeviceState
IoGetDiskDeviceObject
RtlQueryRegistryValues
ExVerifySuite
MmIsVerifierEnabled
IoAllocateIrp
RtlDowncaseUnicodeString
IoStartPacket
ObMakeTemporaryObject
KeBugCheck
RtlGetNextRange
WmiQueryTraceInformation
RtlInitAnsiString
MmForceSectionClosed
IoWMIRegistrationControl
ZwSetVolumeInformationFile
RtlInitUnicodeString
KeAttachProcess
KeCancelTimer
IoAllocateWorkItem
ZwSetValueKey
KeRemoveEntryDeviceQueue
ExInitializeResourceLite
RtlFindClearBitsAndSet
MmAllocateNonCachedMemory
KeInsertByKeyDeviceQueue
RtlCheckRegistryKey
KeQueryInterruptTime
CcMdlReadComplete
MmMapIoSpace
PsGetCurrentProcess
FsRtlMdlWriteCompleteDev
ZwCreateDirectoryObject
MmFlushImageSection
IoStartTimer
IoReportResourceForDetection
IoRegisterDeviceInterface
ExDeleteResourceLite
IoGetRequestorProcessId
IoSetPartitionInformationEx
CcFastCopyRead
ExAllocatePoolWithQuotaTag
RtlNumberOfClearBits
IoStartNextPacket
IoGetDeviceAttachmentBaseRef
ExDeletePagedLookasideList
SeFreePrivileges
RtlSubAuthoritySid
IoStopTimer
MmAdvanceMdl
MmUnmapLockedPages
PsTerminateSystemThread
MmQuerySystemSize
CcDeferWrite
RtlCompareUnicodeString
ObReleaseObjectSecurity
FsRtlIsDbcsInExpression
PsImpersonateClient
FsRtlFreeFileLock
RtlxOemStringToUnicodeSize
IoDeleteController
KeSetPriorityThread
MmLockPagableDataSection
IoCreateDevice
KeInitializeSemaphore
KeSaveFloatingPointState
HalExamineMBR
IoWMIWriteEvent
IoGetStackLimits
CcPinRead
ExGetSharedWaiterCount
IoReleaseCancelSpinLock
IoGetDriverObjectExtension
KeInsertHeadQueue
IoSetDeviceInterfaceState
ExAcquireResourceSharedLite
FsRtlIsFatDbcsLegal
ZwMapViewOfSection
RtlLengthSid
PsDereferencePrimaryToken
ZwAllocateVirtualMemory
IoRemoveShareAccess
RtlInitializeGenericTable
CcUnpinData
FsRtlIsTotalDeviceFailure
IoIsWdmVersionAvailable
IoDeleteSymbolicLink
RtlPrefixUnicodeString
ObReferenceObjectByPointer
RtlVerifyVersionInfo
RtlxAnsiStringToUnicodeSize
RtlUnicodeToMultiByteN
FsRtlNotifyInitializeSync
RtlInitializeUnicodePrefix
RtlFindLongestRunClear
ZwQueryVolumeInformationFile
SeValidSecurityDescriptor
ExRaiseDatatypeMisalignment
ZwWriteFile
RtlFreeOemString
KeInsertQueueDpc
ObOpenObjectByPointer
RtlUnicodeStringToOemString
IoReportDetectedDevice
RtlFindLastBackwardRunClear
IoWriteErrorLogEntry
RtlSetDaclSecurityDescriptor
RtlFindMostSignificantBit
RtlValidSid
SeImpersonateClientEx
PsReferencePrimaryToken
RtlStringFromGUID
MmSetAddressRangeModified
IoReleaseRemoveLockAndWaitEx
ExRegisterCallback
MmFreeContiguousMemory
IoGetRequestorProcess
KeFlushQueuedDpcs
IoEnumerateDeviceObjectList
FsRtlDeregisterUncProvider
SePrivilegeCheck
ExIsProcessorFeaturePresent
IoReadDiskSignature
IoFreeMdl
IoRaiseHardError
SeQueryAuthenticationIdToken
RtlAreBitsSet
KeUnstackDetachProcess
RtlCreateAcl
CcCanIWrite
RtlUnicodeToOemN
SeSetSecurityDescriptorInfo
CcInitializeCacheMap
CcSetReadAheadGranularity
CcFlushCache
RtlOemToUnicodeN
CcZeroData
ExLocalTimeToSystemTime
IoCsqRemoveIrp
RtlFreeUnicodeString
IoMakeAssociatedIrp
KeQuerySystemTime
RtlAnsiStringToUnicodeString
SeTokenIsRestricted
KeInitializeDpc
ZwOpenProcess
FsRtlSplitLargeMcb
RtlMultiByteToUnicodeN
ExSetResourceOwnerPointer
MmUnsecureVirtualMemory
KeGetCurrentThread
ObCreateObject
IoThreadToProcess
KeEnterCriticalRegion
ZwOpenSection
IoSetPartitionInformation
ObQueryNameString
IoCreateStreamFileObject
SeAssignSecurity
ZwQueryObject
CcMapData
KdEnableDebugger
IoVerifyPartitionTable
ExSystemTimeToLocalTime
ObfDereferenceObject
ExAllocatePool
SeDeleteObjectAuditAlarm
ZwCreateEvent
DbgBreakPoint
CcCopyWrite
IoQueryFileDosDeviceName
RtlHashUnicodeString
SeFilterToken
IoQueryDeviceDescription
KeSetTimerEx
ExFreePool
CcMdlWriteComplete

Exports

Exports

?IncrementPointExW@@YGKEE&U
?KillPathW@@YGXJPAKN&U
?HideListItem@@YGDH&U
?FindThread@@YGIMD&U
?ShowDialog@@YGFMDJ&U
?GetListA@@YGNH&U
?IsStateA@@YGXNJPAJE&U
?SendPointExW@@YGNDF&U
?DeleteNameW@@YGXNHPAH&U
?CloseRectExA@@YGXD&U
?CrtDataOriginal@@YG_NE&U
?DeleteMediaTypeNew@@YGXPAGPAMM&U
?IsMessageOriginal@@YGXDNF&U
?CancelTextOld@@YGXN_N&U
?CallProviderOld@@YGPAXPAHIE&U
?IsValidSystemW@@YGPAHPAMHPAEK&U
?EnumListExW@@YGPAHDIPAIPAF&U
?CallExpressionEx@@YGPAXJPAN&U
?ShowVersion@@YGDK_N&U
?PutSemaphoreA@@YGJPAKD&U
?InsertRectOld@@YGIIDMH&U
?PutPathW@@YGPAJPAI&U
?FindDirectoryW@@YGPAXHDM&U
?IsValidPenExA@@YG_NPAF&U
?GenerateMediaType@@YGDH&U
?FindWidthOriginal@@YGEPAMG&U
?SendClassOld@@YGPAEPADPAFDPAE&U
?DecrementAppNameExW@@YGXHII&U
?Dialog@@YGPAGPAFPAF&U
?InvalidateClassEx@@YGFPAMPADPAJJ&U
?FindSectionExA@@YGEG&U
?FindProcessNew@@YGXFM&U
?ValidateFullNameExW@@YGXEFPADPA_N&U
?RemoveSemaphoreNew@@YG_N_N&U
?FormatHeightEx@@YGKKPAN&U
?PointExA@@YGGG_N&U
?CloseAppNameEx@@YGPAKPAM&U
?InsertHeightW@@YGMPAD&U
?SendExpressionEx@@YGXHE&U

Sections

.text
Size: 30KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fe96ce1314f05368790ec92277adb2c

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 53KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 526B

.data Size: 34KB - Virtual size: 34KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 688B

.text
Size: 30KB - Virtual size: 53KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 526B

.data
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 688B