21f9a5e938ceb53b1c5c5d02e3fb60fc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

21f9a5e938ceb53b1c5c5d02e3fb60fc_JaffaCakes118
Size

73KB
MD5

21f9a5e938ceb53b1c5c5d02e3fb60fc
SHA1

6eac74c4678ab5a2a1ca93d3c57607b54d22bd9b
SHA256

4f7233d7cb5ac63d2c4c1d5c9d1e1b66123b55b4bd0f5d239febd9a60fb9adb4
SHA512

ef8d88fa818b395e5ee4178200232d3fc24c6aa1a09a26b925b508126368bddefe8915d5bc72d69a3f9c66a48e99ba7390a464cdccdd42181adbb1ef58fea2a7
SSDEEP

1536:cPv0Xd2kT31j9cxSomC3WsGtjFY3g1s4f4G:zX571CxSoFfQ1x4G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21f9a5e938ceb53b1c5c5d02e3fb60fc_JaffaCakes118

Files

21f9a5e938ceb53b1c5c5d02e3fb60fc_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f685a85735bf032bcf52957e8015b615

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\etjshUj\YAMLfpyczxPuzE\NymSyfsDV.pdb

Imports

ntoskrnl.exe

RtlTimeFieldsToTime
IoAllocateWorkItem
FsRtlCheckLockForWriteAccess
CcMdlReadComplete
ZwAllocateVirtualMemory
PsIsThreadTerminating
ExDeleteNPagedLookasideList
CcFastMdlReadWait
RtlInitUnicodeString
IoSetPartitionInformation
IoDetachDevice
ZwOpenFile
PsDereferencePrimaryToken
ObReferenceObjectByHandle
KeWaitForSingleObject
IoVerifyPartitionTable
KeInitializeQueue
MmMapUserAddressesToPage
MmAllocateMappingAddress
IoDeleteDevice
ZwWriteFile
PoCallDriver
IoCheckEaBufferValidity
IoWMIWriteEvent
IoDisconnectInterrupt
ExAcquireResourceSharedLite
IoGetDeviceToVerify
ZwUnloadDriver
IoSetShareAccess
RtlFillMemoryUlong
IoInitializeRemoveLockEx
PsReturnPoolQuota
RtlSplay
KeRemoveEntryDeviceQueue
IoCancelIrp
IoAcquireRemoveLockEx
RtlCreateUnicodeString
KeInsertByKeyDeviceQueue
ExNotifyCallback
IoConnectInterrupt
KeInsertQueueDpc
RtlVerifyVersionInfo
IoRaiseHardError
PsGetCurrentProcessId
ObReleaseObjectSecurity
KeRemoveQueueDpc
RtlCreateSecurityDescriptor
RtlCheckRegistryKey
MmUnmapReservedMapping
KeClearEvent
ObCreateObject
RtlEqualSid
RtlxAnsiStringToUnicodeSize
RtlRandom
RtlUpcaseUnicodeString
PsGetProcessId
RtlxUnicodeStringToAnsiSize
RtlFindClearBitsAndSet
RtlCopySid
RtlFindLastBackwardRunClear
IoReleaseRemoveLockEx
KeBugCheckEx
ExCreateCallback
ObGetObjectSecurity
SeAssignSecurity
KeCancelTimer
IoAllocateController
PoRequestPowerIrp
IoQueryFileDosDeviceName
PsImpersonateClient
IoAllocateMdl
RtlInitializeUnicodePrefix
ZwOpenProcess
CcInitializeCacheMap
IoDeviceObjectType
RtlValidSid
RtlNtStatusToDosError
IoStopTimer
KeInitializeMutex
IoAcquireVpbSpinLock
RtlCharToInteger
IoSetStartIoAttributes
IoCreateFile
RtlInt64ToUnicodeString
RtlLengthSecurityDescriptor
FsRtlNotifyUninitializeSync
IoReleaseRemoveLockAndWaitEx
CcCanIWrite
IoIsOperationSynchronous
ZwClose
IoWritePartitionTableEx
IoFreeWorkItem
MmUnsecureVirtualMemory
RtlPrefixUnicodeString
MmAddVerifierThunks
ZwLoadDriver
KeDelayExecutionThread
FsRtlIsDbcsInExpression
IoInitializeTimer
SeReleaseSubjectContext
RtlSecondsSince1980ToTime
CcIsThereDirtyData
MmFreeNonCachedMemory
MmFreeContiguousMemory
ZwFreeVirtualMemory
KeSetEvent
MmFreeMappingAddress
MmSecureVirtualMemory
RtlUnicodeToOemN
RtlDowncaseUnicodeString
IoStartNextPacket
DbgBreakPoint
KeInitializeTimerEx
CcFastCopyRead
KeSetTargetProcessorDpc
IoIsSystemThread
KeInitializeEvent
RtlFreeUnicodeString
RtlUpcaseUnicodeChar
KeQueryInterruptTime
ZwOpenSymbolicLinkObject
RtlFindNextForwardRunClear
IoAllocateErrorLogEntry
PsLookupThreadByThreadId
SeLockSubjectContext
ExLocalTimeToSystemTime
RtlFindLongestRunClear
RtlIntegerToUnicodeString
PoUnregisterSystemState
RtlEqualUnicodeString
IoGetCurrentProcess
RtlUnicodeStringToOemString
IoEnumerateDeviceObjectList
IoWMIRegistrationControl
IoCreateNotificationEvent
ExReleaseFastMutexUnsafe
IoThreadToProcess
IoWriteErrorLogEntry
ZwMakeTemporaryObject
ZwQueryInformationFile
RtlClearBits
KeSetSystemAffinityThread
ZwPowerInformation
KeReadStateMutex
RtlValidSecurityDescriptor
RtlAppendStringToString
FsRtlDeregisterUncProvider
SeSetSecurityDescriptorInfo
CcDeferWrite
KeDetachProcess
IoCreateStreamFileObject
IoGetDriverObjectExtension
CcUnpinData
MmIsDriverVerifying
IoCreateDevice
IoUnregisterFileSystem
ExReleaseResourceLite
ZwQueryObject
PsChargeProcessPoolQuota
ZwCreateSection
IoFreeErrorLogEntry
ExVerifySuite
FsRtlFastUnlockSingle
MmSetAddressRangeModified
RtlInitAnsiString
RtlCreateRegistryKey
RtlFindUnicodePrefix
ObMakeTemporaryObject
FsRtlCheckOplock
KeWaitForMultipleObjects
ObfReferenceObject
KeReadStateEvent
RtlFindClearRuns
VerSetConditionMask
IoGetDeviceInterfaceAlias
ObReferenceObjectByPointer
KeBugCheck
CcPreparePinWrite
IoInvalidateDeviceState
IoGetAttachedDevice
CcPurgeCacheSection
ExGetExclusiveWaiterCount
ExSetTimerResolution
DbgPrompt
ZwEnumerateKey
IoGetAttachedDeviceReference
IoFreeMdl
ExAllocatePool
CcPinMappedData
RtlTimeToSecondsSince1970
MmUnmapIoSpace
MmFlushImageSection
RtlCompareMemory
IoSetDeviceInterfaceState
ProbeForRead
RtlVolumeDeviceToDosName
ZwCreateEvent
IoGetBootDiskInformation
KeGetCurrentThread
SeFreePrivileges
KeInitializeTimer
MmUnlockPages
PsGetThreadProcessId
IoGetDeviceInterfaces
SeAppendPrivileges
RtlAppendUnicodeToString
KeRemoveByKeyDeviceQueue
RtlAnsiStringToUnicodeString
SeTokenIsRestricted
SeQueryAuthenticationIdToken
IoSetSystemPartition
KeReleaseMutex
ZwSetValueKey
IoMakeAssociatedIrp
SeDeleteObjectAuditAlarm
FsRtlIsNameInExpression
KeSynchronizeExecution
CcRemapBcb
ExUnregisterCallback
SeImpersonateClientEx
MmQuerySystemSize
RtlFindLeastSignificantBit
PsReferencePrimaryToken
KeSetImportanceDpc
ExQueueWorkItem
RtlFindSetBits
PsTerminateSystemThread
KeRemoveDeviceQueue
IoQueryFileInformation
RtlDeleteNoSplay
KeSetKernelStackSwapEnable
IoIsWdmVersionAvailable
ExSetResourceOwnerPointer
CcUninitializeCacheMap
ExRegisterCallback
ZwDeviceIoControlFile
MmAllocatePagesForMdl
CcUnpinRepinnedBcb
ObInsertObject
RtlOemToUnicodeN
RtlAnsiCharToUnicodeChar
RtlHashUnicodeString
IoFreeIrp
ZwQueryValueKey
RtlUpcaseUnicodeToOemN
IoReuseIrp
KeQueryActiveProcessors
SeDeassignSecurity
RtlSetDaclSecurityDescriptor
ExDeleteResourceLite
IoStartTimer
RtlDeleteElementGenericTable
FsRtlAllocateFileLock
IoGetRelatedDeviceObject
MmBuildMdlForNonPagedPool

Exports

Exports

?InstallDeviceOld@@YGPAMPAI<V
?InstallComponentNew@@YGXGFPAE<V
?FreeComponent@@YGDPAJH<V
?HideArgumentExW@@YGJF<V
?InsertKeyNameOriginal@@YGMPADIM<V
?FindMemoryA@@YGKNIPA_NN<V

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f685a85735bf032bcf52957e8015b615

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 9KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 768B

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 9KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 768B