255a5a8c4580f0410c857f6b1ac429bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

255a5a8c4580f0410c857f6b1ac429bd_JaffaCakes118
Size

135KB
MD5

255a5a8c4580f0410c857f6b1ac429bd
SHA1

cf4c73a847571b4eed8a9de25d95e85981da8492
SHA256

98200acfd03887b81a40002f617a8c9892296e7044a14a32e4cd24059a332b87
SHA512

e7164428169b0002651ea19dafe3c0c7f87a58a900057a8b510ea20bb96f33dfa470a056b2db4a70117961d74caff681394ce678a2ddb9d2ec81ede578ab7e7a
SSDEEP

3072:jsPH4bRoNnQ0BG6NC2JN68rZv7YHZf76VuLHUS+UE+:a41mQ0BnJNvYHFVL0G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
255a5a8c4580f0410c857f6b1ac429bd_JaffaCakes118

Files

255a5a8c4580f0410c857f6b1ac429bd_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c90aca243aaf1f7a4e3140ed7027173a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\lwyptyBNiap\IpDkWxALa\dcVqTPpJfylF\lrOefrigbXm\oBgavXoyayTsyj.pdb

Imports

ntoskrnl.exe

CcCopyRead
MmAdvanceMdl
IoReportResourceForDetection
IoFreeWorkItem
SeTokenIsRestricted
MmUnmapReservedMapping
MmSecureVirtualMemory
KeRevertToUserAffinityThread
ZwReadFile
CcUninitializeCacheMap
ObfDereferenceObject
MmIsThisAnNtAsSystem
FsRtlFastUnlockSingle
RtlCopyLuid
KeSynchronizeExecution
IoCreateNotificationEvent
ZwOpenSymbolicLinkObject
IoAllocateMdl
IoWriteErrorLogEntry
MmMapLockedPagesSpecifyCache
RtlUpperString
ZwPowerInformation
CcCanIWrite
PsReferencePrimaryToken
ZwUnloadDriver
IoInitializeRemoveLockEx
IoFreeController
IoVerifyPartitionTable
ExQueueWorkItem
ZwSetVolumeInformationFile
ZwCreateKey
ZwDeleteKey
RtlStringFromGUID
RtlTimeToSecondsSince1970
ZwDeviceIoControlFile
CcInitializeCacheMap
IoGetDiskDeviceObject
RtlGetCallersAddress
IoSetTopLevelIrp
KeQueryActiveProcessors
RtlEqualString
FsRtlNotifyUninitializeSync
IoReadPartitionTable
CcPinMappedData
KeBugCheckEx
RtlUnicodeStringToOemString
ZwOpenKey
IoCheckEaBufferValidity
RtlInt64ToUnicodeString
KeSetKernelStackSwapEnable
IoAcquireCancelSpinLock
RtlLengthSecurityDescriptor
RtlEqualSid
DbgBreakPointWithStatus
ZwQueryValueKey
IoSetPartitionInformation
ExLocalTimeToSystemTime
RtlNumberOfClearBits
IoInvalidateDeviceRelations
RtlGetVersion
KeRemoveQueueDpc
RtlMapGenericMask
RtlCreateUnicodeString
FsRtlIsDbcsInExpression
CcSetBcbOwnerPointer
RtlFindMostSignificantBit
IoGetDeviceInterfaceAlias
PsGetCurrentProcessId
ZwEnumerateValueKey
MmAllocatePagesForMdl
IoAllocateAdapterChannel
IoUpdateShareAccess
IoCreateStreamFileObject
SeQueryAuthenticationIdToken
RtlCreateRegistryKey
IoSetStartIoAttributes
KdDisableDebugger
KeReadStateEvent
IofCompleteRequest
ZwMapViewOfSection
ExRaiseAccessViolation
ExIsProcessorFeaturePresent
KeGetCurrentThread
IoReleaseRemoveLockEx
FsRtlNotifyInitializeSync
ExCreateCallback
IoVolumeDeviceToDosName
IoReleaseCancelSpinLock
ObQueryNameString
KeQueryInterruptTime
RtlFindLastBackwardRunClear
IoRemoveShareAccess
KeReleaseSemaphore
ExInitializeResourceLite
IoReadPartitionTableEx
ObOpenObjectByPointer
SeSinglePrivilegeCheck
RtlTimeFieldsToTime
RtlGetNextRange
RtlDeleteNoSplay
RtlFreeUnicodeString
RtlInitAnsiString
RtlGenerate8dot3Name
KeWaitForMultipleObjects
IoAcquireRemoveLockEx
ZwOpenSection
RtlNtStatusToDosError
RtlCopyString
ExVerifySuite
RtlDowncaseUnicodeString
IoGetDmaAdapter
RtlVolumeDeviceToDosName
RtlAreBitsSet
RtlQueryRegistryValues
RtlRandom
KePulseEvent
RtlInitUnicodeString
IoGetAttachedDeviceReference
MmGetPhysicalAddress
RtlFindLeastSignificantBit
CcSetFileSizes
FsRtlIsTotalDeviceFailure
ObReferenceObjectByHandle
MmBuildMdlForNonPagedPool
ExFreePool
ExAllocatePoolWithQuota
KeRundownQueue
RtlValidSecurityDescriptor
RtlFreeAnsiString
IoUnregisterFileSystem
IoReadDiskSignature
RtlFindClearRuns
MmUnlockPages
PoSetPowerState
KeClearEvent
MmIsVerifierEnabled
RtlUnicodeToOemN
IoBuildSynchronousFsdRequest
RtlCompareString
FsRtlMdlWriteCompleteDev
IoSetPartitionInformationEx
PsGetProcessId
MmUnmapLockedPages
CcCopyWrite
IoGetRequestorProcessId
IoSetShareAccess
ZwSetValueKey
CcSetDirtyPinnedData
IoReuseIrp
RtlPrefixUnicodeString
CcFlushCache
CcGetFileObjectFromBcb
KeInsertQueueDpc
ExGetSharedWaiterCount
IoGetDeviceInterfaces
SeCaptureSubjectContext
RtlLengthRequiredSid
ObReleaseObjectSecurity
ExDeletePagedLookasideList
IoWMIWriteEvent
SeReleaseSubjectContext
MmMapLockedPages
KeInitializeSemaphore
RtlGUIDFromString
MmFreeContiguousMemory
MmProbeAndLockPages
RtlAddAccessAllowedAce
IoGetTopLevelIrp
RtlUnicodeStringToAnsiString
CcMdlRead
CcMdlWriteAbort
ExGetPreviousMode
KeInitializeMutex
MmResetDriverPaging
RtlCompareUnicodeString
MmIsDriverVerifying
IoGetRequestorProcess
PoCallDriver
RtlFindNextForwardRunClear
RtlxOemStringToUnicodeSize
IoCheckShareAccess
KeSetImportanceDpc
RtlFreeOemString
MmGetSystemRoutineAddress
RtlHashUnicodeString
IoCreateFile
DbgPrompt
IoConnectInterrupt
SeValidSecurityDescriptor
KeRemoveEntryDeviceQueue
IoSetSystemPartition
ZwCreateSection
RtlSubAuthoritySid
CcUnpinData
ZwNotifyChangeKey
IoGetLowerDeviceObject
ExSetResourceOwnerPointer
MmAllocateNonCachedMemory
MmMapIoSpace
ExAllocatePool
IoCsqRemoveIrp
ExSetTimerResolution
KeUnstackDetachProcess
ZwQueryInformationFile
PsReturnPoolQuota
ExGetExclusiveWaiterCount
MmForceSectionClosed
KeSetTimerEx
IoGetDeviceAttachmentBaseRef
RtlTimeToTimeFields
KeStackAttachProcess
RtlFindSetBits
ExDeleteNPagedLookasideList
RtlFillMemoryUlong
RtlSetBits
ZwMakeTemporaryObject
IoQueryFileDosDeviceName
MmLockPagableSectionByHandle
VerSetConditionMask
RtlxAnsiStringToUnicodeSize
IoSetThreadHardErrorMode
RtlInsertUnicodePrefix
ExDeleteResourceLite
IoAllocateWorkItem
MmPageEntireDriver
IoCreateDevice
FsRtlIsHpfsDbcsLegal
ZwFreeVirtualMemory
DbgBreakPoint
IoStartTimer
MmMapUserAddressesToPage
IoDeleteDevice
RtlLengthSid
RtlAnsiStringToUnicodeString
SeOpenObjectAuditAlarm
RtlFindUnicodePrefix
RtlIntegerToUnicodeString
IoSetHardErrorOrVerifyDevice
MmQuerySystemSize
PsDereferencePrimaryToken
PoStartNextPowerIrp
RtlCopySid
PsChargeProcessPoolQuota
ZwSetSecurityObject
ExReinitializeResourceLite
KeLeaveCriticalRegion
RtlInitializeSid
WmiQueryTraceInformation
FsRtlDeregisterUncProvider
ZwWriteFile
PsGetThreadProcessId
KeInsertByKeyDeviceQueue
ZwEnumerateKey
IoCheckQuotaBufferValidity
FsRtlIsFatDbcsLegal
SeAssignSecurity
RtlCopyUnicodeString
MmFreeMappingAddress
MmUnsecureVirtualMemory
ExSystemTimeToLocalTime
IoIsOperationSynchronous

Exports

Exports

?RemovePathOld@@YGPADPAJIFH&U
?InsertModule@@YGPAJDEI_N&U
?ValidateString@@YGHK&U
?CopyProcessA@@YGXPAHI_NPAD&U
?CallPenExA@@YGMPAGPAG&U
?DeleteHeightExA@@YGD_N&U
?ValidatePointOld@@YGNM&U
?GlobalTimerExW@@YGMFKH&U
?RemoveFilePath@@YGEPAJIPAK&U
?HideRectW@@YGPAXJPANGN&U
?AddSemaphoreA@@YGKE&U
?IsEventW@@YGNPAEPAJDJ&U
?ShowTimeOriginal@@YGMMFPAJJ&U
?IsValidFilePathEx@@YGFJ&U
?CrtMemoryEx@@YGXPAM&U
?CallMonitorOriginal@@YGPAXHKG&U
?ShowSectionA@@YGPAXJI&U
?HideFullNameEx@@YGXJ&U
?SendConfigA@@YGPAXE&U
?HideCommandLineNew@@YGIGD&U
?LoadModuleOriginal@@YGPAGED&U
?GlobalStateNew@@YGJPA_N&U
?FreeDialogA@@YGKD&U
?KillProcessA@@YGGKFJF&U
?FindOption@@YGDGM&U
?PutModuleA@@YGPAX_NE&U
?CopyFolderPathW@@YGPAIDPADM&U
?CloseProvider@@YGIPAE&U
?IsValidProcessOld@@YGXPAE_ND&U
?CopyMutantEx@@YGGPA_NPAHGI&U
?CallMessageOriginal@@YGPAJPAJ&U
?KillExpressionOld@@YGGPAD&U

Sections

.text
Size: 28KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 581B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c90aca243aaf1f7a4e3140ed7027173a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 54KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 581B

.data Size: 35KB - Virtual size: 34KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 660B

.text
Size: 28KB - Virtual size: 54KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 581B

.data
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 660B