23836c5ac530287af4713c6f41325582_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23836c5ac530287af4713c6f41325582_JaffaCakes118
Size

134KB
MD5

23836c5ac530287af4713c6f41325582
SHA1

b6491a5f0c69d7b12aba58813cbb0e5771b5b5da
SHA256

47b8bd576ef3be3f9002dd581c7456cd40c5667374a9f15a4f6ee0848c02bc90
SHA512

8074543401d44c7d9bf4bca3157d3f65a17a308ab036e4add5d0b90ab7990a5db84bb1ea7bb0a122eb169e02618b5dec84898fc082621948537becfd1474b034
SSDEEP

1536:PFp31y2n5oTkcKGXL9vetkmVyaNVR3+NumvX7HAveBuUIyA4u9JpnaqIPSxgx:PFpn5PcKgVxexmvX7H5LIyA40ESxgx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23836c5ac530287af4713c6f41325582_JaffaCakes118

Files

23836c5ac530287af4713c6f41325582_JaffaCakes118
.dll windows:5 windows x86 arch:x86

907285476c080dd289f2d67d2759b101

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\EsAKotqy\tvnmsfxhBqnqbW\xorXHvISR\cjyLlOyxnI.pdb

Imports

ntoskrnl.exe

CcFastCopyRead
ZwSetSecurityObject
ExCreateCallback
CcSetFileSizes
RtlDeleteRegistryValue
KeInsertByKeyDeviceQueue
MmSizeOfMdl
IoVerifyVolume
IoGetDeviceAttachmentBaseRef
IoOpenDeviceRegistryKey
MmBuildMdlForNonPagedPool
IoMakeAssociatedIrp
RtlFreeAnsiString
ZwReadFile
IoGetBootDiskInformation
PoUnregisterSystemState
KeReadStateMutex
KeRemoveQueue
IoReportDetectedDevice
RtlFindLongestRunClear
MmUnmapLockedPages
RtlGenerate8dot3Name
IoGetDeviceInterfaces
RtlCheckRegistryKey
IoInitializeIrp
MmUnmapIoSpace
RtlUnicodeStringToAnsiString
IoInitializeRemoveLockEx
SeOpenObjectAuditAlarm
RtlLengthRequiredSid
IoInvalidateDeviceState
IoGetStackLimits
ObReleaseObjectSecurity
ObMakeTemporaryObject
ExLocalTimeToSystemTime
MmProbeAndLockProcessPages
IoStartNextPacket
RtlAppendUnicodeToString
FsRtlAllocateFileLock
IoSetThreadHardErrorMode
KeInsertQueue
IoCreateDisk
RtlAnsiStringToUnicodeString
RtlGUIDFromString
IoAcquireVpbSpinLock
ZwDeleteKey
KeDeregisterBugCheckCallback
PsGetThreadProcessId
CcCopyWrite
ProbeForRead
ExUuidCreate
RtlInitializeGenericTable
MmFreeNonCachedMemory
PoSetPowerState
FsRtlIsDbcsInExpression
IoAllocateWorkItem
RtlUpperChar
MmProbeAndLockPages
IoCreateStreamFileObjectLite
CcUnpinRepinnedBcb
IoEnumerateDeviceObjectList
KeInsertQueueDpc
KeBugCheckEx
KeInitializeDeviceQueue
RtlInitString
IoAcquireRemoveLockEx
ZwNotifyChangeKey
RtlStringFromGUID
SeFreePrivileges
SeDeassignSecurity
IoGetDmaAdapter
IoRequestDeviceEject
CcCanIWrite
IoReleaseCancelSpinLock
KeBugCheck
IoVolumeDeviceToDosName
ZwOpenProcess
ZwQueryObject
RtlDeleteElementGenericTable
IoCheckEaBufferValidity
IoCheckShareAccess
RtlCompareUnicodeString
IoWMIWriteEvent
KeInitializeQueue
RtlFindLeastSignificantBit
MmMapLockedPages
RtlFreeOemString
MmSetAddressRangeModified
ZwCreateFile
RtlFindUnicodePrefix
CcRepinBcb
MmLockPagableSectionByHandle
CcIsThereDirtyData
KeReleaseMutex
KeSetPriorityThread
RtlxUnicodeStringToAnsiSize
PoRegisterSystemState
IoWritePartitionTableEx
MmFlushImageSection
IoGetRequestorProcessId
KeRestoreFloatingPointState
IoRaiseHardError
ExReleaseResourceLite
RtlNtStatusToDosError
KeRevertToUserAffinityThread
KeInsertHeadQueue
IoIsOperationSynchronous
RtlEqualString
IoGetDeviceObjectPointer
IoAllocateIrp
RtlInitUnicodeString
ObReferenceObjectByHandle
RtlCreateRegistryKey
RtlUpcaseUnicodeToOemN
ObfDereferenceObject
RtlCopyString
CcPurgeCacheSection
RtlUnicodeStringToInteger
SeReleaseSubjectContext
RtlClearBits
RtlWriteRegistryValue
IoDeleteController
RtlLengthSecurityDescriptor
RtlTimeToSecondsSince1980
ObInsertObject
PsGetCurrentProcessId
PoSetSystemState
PsIsThreadTerminating
ExAllocatePoolWithQuotaTag
ZwQueryKey
RtlCharToInteger
DbgBreakPointWithStatus
IoGetTopLevelIrp
PsDereferencePrimaryToken
MmAllocateMappingAddress
RtlDelete
PoRequestPowerIrp
IoStopTimer
MmForceSectionClosed
RtlFindLastBackwardRunClear
ExAcquireResourceSharedLite
PsGetProcessId
RtlInitializeUnicodePrefix
RtlVerifyVersionInfo
IoFreeIrp
KeSetTargetProcessorDpc
ObCreateObject
IoCreateFile
CcMdlWriteComplete
ExSystemTimeToLocalTime
KeLeaveCriticalRegion
RtlFindNextForwardRunClear
KeDetachProcess
MmUnlockPagableImageSection
SeSetSecurityDescriptorInfo
MmIsVerifierEnabled
RtlTimeToSecondsSince1970
SePrivilegeCheck
CcCopyRead
MmHighestUserAddress
KeRemoveEntryDeviceQueue
KdEnableDebugger
MmUnlockPages
CcUninitializeCacheMap
FsRtlIsTotalDeviceFailure
ZwOpenKey
RtlValidSecurityDescriptor
FsRtlCheckOplock
MmCanFileBeTruncated
MmUnmapReservedMapping
IoWriteErrorLogEntry
RtlNumberOfClearBits
RtlVolumeDeviceToDosName
IoGetLowerDeviceObject
CcFastMdlReadWait
RtlUpcaseUnicodeString
RtlAddAccessAllowedAce
ZwPowerInformation
PoCallDriver
SeQueryAuthenticationIdToken
IoReleaseVpbSpinLock
RtlQueryRegistryValues
SeSinglePrivilegeCheck
ExGetSharedWaiterCount
ZwOpenSection
IoQueryDeviceDescription
KeGetCurrentThread
IoDeleteDevice
CcUnpinData
ExNotifyCallback
ExVerifySuite
SeTokenIsAdmin
ExAcquireFastMutexUnsafe
SeLockSubjectContext
CcMdlRead
ExSetResourceOwnerPointer
CcSetBcbOwnerPointer
IoQueryFileDosDeviceName
KeUnstackDetachProcess
KeRemoveDeviceQueue
KeAttachProcess
MmAllocateNonCachedMemory
IoCreateSymbolicLink
IoSetDeviceToVerify
KeRemoveQueueDpc
IoCreateStreamFileObject
CcZeroData
IoUnregisterFileSystem
RtlxOemStringToUnicodeSize
KeInitializeMutex
RtlFindClearBitsAndSet
ExReinitializeResourceLite
MmIsThisAnNtAsSystem
ZwUnloadDriver
FsRtlFastCheckLockForRead
RtlEqualUnicodeString
IoGetDiskDeviceObject
MmAdvanceMdl
IoGetCurrentProcess
RtlCreateAcl
ExInitializeResourceLite
RtlFindClearBits
RtlDeleteNoSplay
IoReadPartitionTable
MmResetDriverPaging
PsImpersonateClient
KeSetImportanceDpc
ExReleaseFastMutexUnsafe
RtlAddAccessAllowedAceEx
ZwFreeVirtualMemory
PsGetVersion
KeCancelTimer
FsRtlMdlWriteCompleteDev
RtlMultiByteToUnicodeN
ExDeleteResourceLite
RtlFreeUnicodeString
CcUnpinDataForThread
IoAllocateErrorLogEntry
PsGetProcessExitTime
KeSetTimerEx
MmFreeContiguousMemory
IoQueryFileInformation
RtlInitAnsiString
IoRegisterDeviceInterface
CcSetReadAheadGranularity
RtlFillMemoryUlong
MmUnsecureVirtualMemory
ZwQueryValueKey
KeSaveFloatingPointState
DbgBreakPoint
PsLookupProcessByProcessId
IoGetDeviceToVerify
IoFreeMdl
ObGetObjectSecurity
PsTerminateSystemThread
RtlRemoveUnicodePrefix
ZwWriteFile
RtlGetNextRange
RtlFindMostSignificantBit
WmiQueryTraceInformation
RtlCreateSecurityDescriptor

Exports

Exports

?RemoveHeaderOriginal@@YGXEDH&U
?InstallConfig@@YGGFIPAH&U
?IsValidTaskNew@@YGPADFJ&U
?GenerateMediaTypeA@@YGPAEIPAJPAMD&U
?DeleteTimeExW@@YGFN_NHD&U
?AddDataNew@@YGGK&U
?AddDirectoryNew@@YGXK&U
?RemoveDirectoryExA@@YGKGEN&U
?IncrementCharW@@YGPADGPAHGPAN&U
?DecrementStateA@@YGJM&U
?HideFilePathExA@@YGEPAM&U
?CallObjectW@@YGHEPAFPAH&U
?IncrementListItemExW@@YGPAJM&U
?CallClassW@@YGPAXJPAFPAE&U
?DeleteAnchorExA@@YGPAGPAJH&U
?CrtMutantEx@@YGPANF&U
?RtlProfileExW@@YGKEPA_NPAD&U
?FindAnchorExW@@YGPAMPAJPAGHF&U
?ModifyObjectExA@@YGIPAEPAH&U
?DecrementProjectExA@@YGFPAEPANHPAF&U
?KillWindowInfoEx@@YGIFPAE&U
?IsModuleExA@@YGPAGJPAGEPAM&U
?EnumArgumentExW@@YGPAIPAMEM&U
?DeleteDateTimeExW@@YGPAFK_N&U
?CancelMediaTypeExW@@YGHI&U
?IncrementPenNew@@YGXPAJG&U
?IncrementTextEx@@YGNM&U
?ModifyPenExW@@YGKFHPAH&U
?KillMediaTypeA@@YGEPAMJN&U
?DecrementMonitorNew@@YGXH&U
?HideFileExW@@YGKD&U
?EnumStateExA@@YGPAFPADHPAGH&U
?LoadDeviceExA@@YGXG_NE&U
?DecrementAnchorExA@@YGPAKEFGPAJ&U

Sections

.text
Size: 27KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 709B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

907285476c080dd289f2d67d2759b101

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 54KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 709B

.data Size: 37KB - Virtual size: 37KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 660B

.text
Size: 27KB - Virtual size: 54KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 709B

.data
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 660B