2742d17633045916bc90126f83c3cc9c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2742d17633045916bc90126f83c3cc9c_JaffaCakes118
Size

70KB
MD5

2742d17633045916bc90126f83c3cc9c
SHA1

c6ec0821f5c240eacaaf005bf2b39900e38b1875
SHA256

2f23b558adb3d1ad3afebd038719b4c27f14884ff1c527a7e2778dae35f82240
SHA512

f699a85a8f5655f23dea1501589caf7dbd5f26aca1f7902edb419ac814fadd985b5c7877b216be401dbbd8f1fa5e6978768246d8470dbbd52bcc48fcbbc03441
SSDEEP

1536:VrjGvPTDHP5dt304SU5xheafmQVs5hG2KIL9J:JjGvrVf04S8heCmQV+R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2742d17633045916bc90126f83c3cc9c_JaffaCakes118

Files

2742d17633045916bc90126f83c3cc9c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

300dc7751b9ad02a4d258882aaba42aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\ftgdWtyZjOLu\yDdtobgoy\vvzsrympD.pdb

Imports

ntoskrnl.exe

CcInitializeCacheMap
ExGetPreviousMode
PsGetCurrentThread
RtlValidSecurityDescriptor
ZwReadFile
MmAddVerifierThunks
IoRemoveShareAccess
CcUnpinRepinnedBcb
SeQueryAuthenticationIdToken
ZwSetValueKey
RtlLengthSecurityDescriptor
IoInitializeIrp
IoAllocateErrorLogEntry
ExReleaseResourceLite
ProbeForWrite
SeAccessCheck
RtlSplay
ExAllocatePoolWithQuotaTag
RtlAnsiStringToUnicodeString
RtlQueryRegistryValues
PsImpersonateClient
SeImpersonateClientEx
RtlAreBitsSet
ExDeleteNPagedLookasideList
FsRtlCheckLockForReadAccess
IoGetDeviceInterfaces
RtlUnicodeStringToOemString
RtlAddAccessAllowedAce
ZwFsControlFile
RtlxAnsiStringToUnicodeSize
IoCheckShareAccess
ZwUnloadDriver
PsGetVersion
IoSetDeviceToVerify
IofCompleteRequest
CcCopyWrite
RtlEqualString
RtlCompareString
ZwMakeTemporaryObject
KeSetPriorityThread
FsRtlMdlWriteCompleteDev
IoCreateNotificationEvent
ExRaiseAccessViolation
IoStopTimer
IoQueryDeviceDescription
MmUnsecureVirtualMemory
IoGetRelatedDeviceObject
ZwAllocateVirtualMemory
ZwQueryVolumeInformationFile
ExGetSharedWaiterCount
RtlGetVersion
FsRtlIsNameInExpression
IoReleaseCancelSpinLock
KeDeregisterBugCheckCallback
IoWriteErrorLogEntry
KeQuerySystemTime
ZwCreateKey
CcSetDirtyPinnedData
RtlAnsiCharToUnicodeChar
RtlEqualSid
IoStartPacket
IofCallDriver
KeSetSystemAffinityThread
RtlVolumeDeviceToDosName
IoIsSystemThread
KeAttachProcess
ExAllocatePoolWithQuota
KeSetImportanceDpc
RtlSetAllBits
IoStartNextPacket
KeRundownQueue
KeSaveFloatingPointState
IoGetDeviceProperty
IoCreateStreamFileObjectLite
IoGetTopLevelIrp
ProbeForRead
IoRaiseHardError
RtlUpcaseUnicodeString
IoCreateDisk
RtlCreateSecurityDescriptor
IoDeleteDevice
ZwLoadDriver
MmResetDriverPaging
IoAcquireRemoveLockEx
KeRemoveEntryDeviceQueue
ExSystemTimeToLocalTime
MmLockPagableDataSection
RtlClearBits
VerSetConditionMask
RtlFindLastBackwardRunClear
FsRtlIsDbcsInExpression
ZwEnumerateKey
IoCsqRemoveIrp
MmIsThisAnNtAsSystem
ObInsertObject
DbgBreakPointWithStatus
IoAcquireCancelSpinLock
KdDisableDebugger
KeSetEvent
ExDeleteResourceLite
MmIsDriverVerifying
KeRemoveQueueDpc
IoInitializeTimer
KeResetEvent
KeClearEvent
PsGetThreadProcessId
RtlUpcaseUnicodeChar
IoGetDmaAdapter
IoFreeMdl
IoAllocateWorkItem
MmSecureVirtualMemory
CcMdlWriteComplete
ZwDeviceIoControlFile
IoMakeAssociatedIrp
IoGetLowerDeviceObject
RtlOemStringToUnicodeString
PoCallDriver
RtlFindNextForwardRunClear
RtlCopyUnicodeString
ZwOpenFile
MmForceSectionClosed
ExUnregisterCallback
MmMapIoSpace
RtlMultiByteToUnicodeN
PoRegisterSystemState
IoGetDriverObjectExtension
IoCheckEaBufferValidity
IoDeleteSymbolicLink
ZwClose
PsIsThreadTerminating
MmGetPhysicalAddress
RtlClearAllBits
CcMdlReadComplete
MmAllocateNonCachedMemory
IoReportDetectedDevice
ObfReferenceObject
IoGetAttachedDeviceReference
KeSetTimerEx
IoRegisterFileSystem
CcMdlWriteAbort
RtlUpcaseUnicodeToOemN
ZwFlushKey
KeInitializeQueue
KeInsertQueueDpc
PoUnregisterSystemState
ZwOpenKey
MmGetSystemRoutineAddress
SeTokenIsRestricted
KeReadStateEvent
ExLocalTimeToSystemTime
IoSetHardErrorOrVerifyDevice
ExSetTimerResolution
ZwEnumerateValueKey
IoWMIRegistrationControl
RtlNtStatusToDosError
RtlInitAnsiString
MmUnlockPages
FsRtlIsTotalDeviceFailure
IoGetDeviceInterfaceAlias
ZwOpenSection
RtlDeleteNoSplay
MmIsVerifierEnabled
ExUuidCreate
RtlDeleteElementGenericTable
MmAllocatePagesForMdl
RtlAppendUnicodeToString
PsGetProcessExitTime
KeInitializeSpinLock
ZwSetVolumeInformationFile
IoSetTopLevelIrp
RtlInitializeBitMap
FsRtlNotifyInitializeSync
RtlEqualUnicodeString
RtlFindClearBitsAndSet
IoDeviceObjectType
IoFreeIrp
IoQueryFileDosDeviceName
KeLeaveCriticalRegion
IoCreateFile
RtlInsertUnicodePrefix
IoWritePartitionTableEx
ExFreePoolWithTag
RtlSecondsSince1970ToTime
CcUnpinData
MmMapLockedPagesSpecifyCache
IoThreadToProcess
SeDeleteObjectAuditAlarm
RtlRandom
RtlCopyLuid
RtlTimeFieldsToTime
RtlxOemStringToUnicodeSize
MmAllocateMappingAddress
IoSetThreadHardErrorMode
ObQueryNameString
PoSetSystemState
KeInitializeTimer
IoReadPartitionTable
ObMakeTemporaryObject
CcPurgeCacheSection
IoGetBootDiskInformation
RtlCopyString
MmProbeAndLockPages
CcFastMdlReadWait
KeBugCheckEx
ObGetObjectSecurity
IoDetachDevice
RtlFindLeastSignificantBit
CcSetFileSizes
SeDeassignSecurity
KeRestoreFloatingPointState
ObCreateObject
IoDeleteController
SeLockSubjectContext
IoIsWdmVersionAvailable
HalExamineMBR
IoOpenDeviceRegistryKey
FsRtlCheckOplock
KeEnterCriticalRegion
PsSetLoadImageNotifyRoutine
KeQueryActiveProcessors
RtlInitializeGenericTable
MmFreeContiguousMemory
ExInitializeResourceLite
ZwCreateFile
PsLookupThreadByThreadId
KeSetBasePriorityThread
IoAllocateController
ExReinitializeResourceLite
MmHighestUserAddress
ExQueueWorkItem
ZwCreateDirectoryObject
KeInsertQueue
RtlCopySid
KeWaitForMultipleObjects
ExSetResourceOwnerPointer
MmFreePagesFromMdl
KeReadStateSemaphore
FsRtlCheckLockForWriteAccess
RtlFindSetBits
RtlGenerate8dot3Name
KeRemoveQueue
SeAssignSecurity
RtlCompareMemory
KeStackAttachProcess
MmAdvanceMdl
RtlHashUnicodeString
IoFreeErrorLogEntry
IoCreateDevice
RtlFreeOemString
ExReleaseFastMutexUnsafe
MmBuildMdlForNonPagedPool
CcFastCopyRead
MmFreeMappingAddress
KeInitializeSemaphore
KeSetKernelStackSwapEnable
CcSetReadAheadGranularity
RtlAppendStringToString
FsRtlNotifyUninitializeSync
RtlxUnicodeStringToAnsiSize
RtlSecondsSince1980ToTime
RtlWriteRegistryValue
ObReferenceObjectByPointer

Exports

Exports

?RtlKeyboardOriginal@@YGEJ[W
?GenerateHeightExA@@YGGPAJEPAHJ[W
?ModifyFilePathEx@@YGDPAEPAGPAK[W
?LoadFullNameNew@@YGPAFNK[W
?RtlSectionA@@YGJPANPAEN[W
?CloseFolderPathExA@@YGMPAK[W
?ShowHeaderEx@@YGGMDGPA_N[W
?GenerateWidthExW@@YGGPAGHNE[W
?OnProviderOld@@YGXD[W
?PutFunctionEx@@YG_NI_NJG[W
?IncrementStateExW@@YGNPAGD[W
?ShowDataNew@@YGXEJ[W
?CloseCommandLineW@@YGPAMJH[W
?HideThreadNew@@YGND[W
?RemoveObjectW@@YGHPAEKPADPAE[W
?ShowPointExA@@YGGPAKPAMPAG[W
?InvalidateProviderEx@@YGIF[W
?AddDataEx@@YGXJ[W

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

300dc7751b9ad02a4d258882aaba42aa

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 21KB - Virtual size: 58KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 816B

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 21KB - Virtual size: 58KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 816B