285fc773bbbc22ecc437d2bc2b82f3db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

285fc773bbbc22ecc437d2bc2b82f3db_JaffaCakes118
Size

56KB
MD5

285fc773bbbc22ecc437d2bc2b82f3db
SHA1

550abff57c4794e9b1fc32fcfd3327416b3be6ab
SHA256

580659c3e219becaed3b4c720cf7bf31ef8c1e67fd3defe1aa2e9326888a5c05
SHA512

356af81103614566fd36b5d09257795bb5c659cfcdbe6b069e7c912695f2d402b0f8cf4643a10badb50ec0e3533e38f11a191f8bd4c2e78739c397cc97a57353
SSDEEP

768:B32/2QDZTkWmDW9ddPWWIswnmxQ6bzky5IVK2FGbxd5WgrHZL2EDXLOls95a3xN:Bm+Q9PmDkdPW7swnP6clK2wbThZ3OhN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
285fc773bbbc22ecc437d2bc2b82f3db_JaffaCakes118

Files

285fc773bbbc22ecc437d2bc2b82f3db_JaffaCakes118
.dll windows:5 windows x86 arch:x86

43df23d0782424c52e51e46ea190cdb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\rjvdfpkm\tlMUuYargy\yiduthymlCwW\rIFdkrxapu\vmNdvchKY.pdb

Imports

ntoskrnl.exe

IoGetLowerDeviceObject
IoSetPartitionInformation
RtlNumberOfClearBits
IoInvalidateDeviceState
IoStartNextPacket
RtlUnicodeStringToOemString
PsCreateSystemThread
RtlPrefixUnicodeString
IoInitializeRemoveLockEx
IoIsSystemThread
ExAllocatePoolWithQuotaTag
FsRtlIsTotalDeviceFailure
IoInitializeTimer
PoSetPowerState
DbgBreakPoint
PsGetThreadProcessId
IoStartTimer
IoGetBootDiskInformation
ObCreateObject
CcMdlReadComplete
ZwQueryInformationFile
IoQueryFileInformation
IoGetDriverObjectExtension
KeRevertToUserAffinityThread
PoRegisterSystemState
KeReleaseMutex
ZwCreateKey
IoStopTimer
IoGetDeviceObjectPointer
IoAcquireCancelSpinLock
CcMdlWriteAbort
IoAllocateMdl
SeUnlockSubjectContext
RtlInitializeUnicodePrefix
IoCheckQuotaBufferValidity
IoCreateSymbolicLink
IoReadPartitionTable
ZwWriteFile
RtlFindLongestRunClear
MmIsThisAnNtAsSystem
RtlAddAccessAllowedAceEx
RtlDeleteElementGenericTable
RtlEnumerateGenericTable
MmFreePagesFromMdl
SeFilterToken
ExVerifySuite
RtlGUIDFromString
CcFastMdlReadWait
RtlUpcaseUnicodeChar
MmAllocateContiguousMemory
RtlxOemStringToUnicodeSize
IoAllocateIrp
RtlSetAllBits
RtlFreeAnsiString
KeSetImportanceDpc
CcSetDirtyPinnedData
SeDeassignSecurity
KeInsertQueueDpc
RtlSecondsSince1980ToTime
MmFreeNonCachedMemory
IoEnumerateDeviceObjectList
IoUnregisterFileSystem
PsImpersonateClient
ExRegisterCallback
KeInitializeSemaphore
IoAllocateWorkItem
IoGetTopLevelIrp
ExDeleteNPagedLookasideList
KeInitializeApc
RtlGetCallersAddress
IoSetHardErrorOrVerifyDevice
KefAcquireSpinLockAtDpcLevel
FsRtlIsNameInExpression
CcPinMappedData
ZwSetVolumeInformationFile
ZwEnumerateValueKey
IoCreateDisk
ExInitializeResourceLite
IoReleaseCancelSpinLock
ExReleaseFastMutexUnsafe
RtlInitString
DbgPrompt
IoGetRequestorProcess
RtlLengthRequiredSid
IoSetPartitionInformationEx
CcPinRead
KeWaitForSingleObject
MmMapUserAddressesToPage
PsReferencePrimaryToken
ZwCreateSection
KeRemoveDeviceQueue
RtlFindClearBits
PsLookupThreadByThreadId
ZwDeleteValueKey
IoRequestDeviceEject
IoReportDetectedDevice
KeSetPriorityThread
RtlxAnsiStringToUnicodeSize
ZwFreeVirtualMemory
IoGetDeviceAttachmentBaseRef
SeAssignSecurity
ZwOpenKey
IoCreateStreamFileObjectLite
MmIsVerifierEnabled
IoInitializeIrp
RtlOemStringToUnicodeString
KeRemoveEntryDeviceQueue
SeQueryAuthenticationIdToken
PsGetCurrentThread
ExReinitializeResourceLite
ObMakeTemporaryObject
ZwQueryObject
RtlCreateUnicodeString
ExAllocatePoolWithQuota
RtlFindLeastSignificantBit
RtlUnicodeStringToInteger
PsGetCurrentProcess
RtlAreBitsSet
KeInsertHeadQueue
KeRemoveQueueDpc
IoReuseIrp
KeSetEvent
MmUnmapReservedMapping
SeQueryInformationToken
IoWritePartitionTableEx
IoWriteErrorLogEntry
RtlMultiByteToUnicodeN
RtlSplay
PsIsThreadTerminating
RtlFreeUnicodeString
KeInitializeDeviceQueue
IoGetDeviceProperty
RtlFindSetBits
IoCsqRemoveIrp
MmSetAddressRangeModified
RtlFindClearRuns
FsRtlCheckOplock
ExCreateCallback
MmBuildMdlForNonPagedPool
KeReadStateSemaphore
RtlCreateSecurityDescriptor
SeReleaseSubjectContext
ZwOpenProcess
ZwCreateEvent
KeSetTimerEx
PoSetSystemState
FsRtlFreeFileLock
KeRundownQueue
ExAllocatePool
RtlInitUnicodeString
KeInitializeDpc
IoSetTopLevelIrp
RtlUpcaseUnicodeToOemN
ZwSetValueKey
ZwFsControlFile
KeQueryInterruptTime
MmResetDriverPaging
KeSetTargetProcessorDpc
RtlVolumeDeviceToDosName
RtlCreateAcl
FsRtlNotifyInitializeSync
IoGetAttachedDeviceReference
KeQueryActiveProcessors
CcIsThereDirtyData
KeReadStateTimer
RtlCheckRegistryKey
RtlLengthSid
MmAllocateNonCachedMemory
KeUnstackDetachProcess
MmGetSystemRoutineAddress
CcFastCopyRead
MmMapLockedPages
RtlCopyString
RtlFillMemoryUlong
RtlFindMostSignificantBit
IoIsWdmVersionAvailable
KeStackAttachProcess
FsRtlCheckLockForReadAccess
IoGetDeviceInterfaceAlias
ProbeForRead
ZwDeviceIoControlFile
PoRequestPowerIrp
ZwCreateDirectoryObject
KdDisableDebugger
IoReadPartitionTableEx
RtlVerifyVersionInfo
RtlTimeToSecondsSince1980
IoAcquireVpbSpinLock
ObGetObjectSecurity
PsGetProcessExitTime
IoGetRequestorProcessId
IoInvalidateDeviceRelations
IoBuildSynchronousFsdRequest
IoFreeWorkItem
MmAddVerifierThunks
ZwNotifyChangeKey
SeSetSecurityDescriptorInfo
MmSecureVirtualMemory
ObfReferenceObject
IoSetShareAccess
IoCreateDevice
IoReadDiskSignature
IoReportResourceForDetection
SeValidSecurityDescriptor
IoReleaseRemoveLockAndWaitEx
MmAdvanceMdl
CcFlushCache
KeSaveFloatingPointState
RtlSubAuthoritySid
MmLockPagableDataSection
RtlValidSid
IoSetStartIoAttributes
MmUnlockPages
RtlUpperChar
SeAppendPrivileges
ObfDereferenceObject
CcMdlWriteComplete
KeSetSystemAffinityThread
KeGetCurrentThread
MmMapIoSpace
SeTokenIsAdmin
IoCreateFile
RtlIntegerToUnicodeString
ZwQuerySymbolicLinkObject
RtlValidSecurityDescriptor
IoUpdateShareAccess
IoSetDeviceToVerify
IoDetachDevice
ZwAllocateVirtualMemory
IoCreateNotificationEvent
KeFlushQueuedDpcs
IoVerifyPartitionTable
FsRtlNotifyUninitializeSync
SeDeleteObjectAuditAlarm
KeEnterCriticalRegion
KeReleaseSemaphore
KeRegisterBugCheckCallback
IoCancelIrp
ZwMakeTemporaryObject
MmAllocateMappingAddress
RtlCompareMemory
MmUnmapLockedPages
RtlInitAnsiString
ExLocalTimeToSystemTime
RtlFindLastBackwardRunClear
IoWMIRegistrationControl
KeAttachProcess
RtlEqualString
RtlFindUnicodePrefix
ZwEnumerateKey
ZwPowerInformation
MmAllocatePagesForMdl
RtlCompareUnicodeString
CcMapData
ExGetExclusiveWaiterCount
CcSetBcbOwnerPointer
IoAcquireRemoveLockEx
SeAccessCheck

Exports

Exports

?EnumDataEx@@YGE_N]A
?OnWindowInfoEx@@YGPAEDKPA_NPAH]A
?CancelClassOriginal@@YGGGG]A
?FreeWindowW@@YGKPAIGPANG]A
?HideRectExA@@YGNPAMIPAG]A
?ValidateVersionOld@@YGPAHDDD]A
?FormatAnchorOriginal@@YGPAXDF]A
?RemoveObjectEx@@YGDGJ]A
?CopyModuleExW@@YGXI]A
?LoadSystemExW@@YGKE]A
?RemoveOptionOld@@YGDE]A
?IsNotFullNameW@@YGMN]A
?CancelTime@@YGJJ]A
?SetTimeExW@@YGKIIPAGPA_N]A
?LoadProjectOld@@YGFJPAFM]A
?FindStateEx@@YGFJ]A
?IsSectionOriginal@@YGDMJPADPAJ]A
?InstallFileEx@@YGHNPAEG]A
?RtlFolderEx@@YGDPAH]A
?SetProviderW@@YGMKPAD]A
?GlobalKeyboard@@YGGJ]A
?IsSectionExA@@YGMPAEI]A
?FindMonitorA@@YGMDPAEPAJ]A
?ShowVersionOld@@YGMNEKF]A
?IsNotKeyboardExA@@YGGPAMK]A
?CloseProviderNew@@YG_NNDJ]A
?CopySystem@@YGEPAGD]A
?AddProfile@@YGGK]A
?InsertDeviceOriginal@@YGPAMEJ]A
?FreeDateTimeEx@@YGDG_N]A
?FindWindowOriginal@@YGHMPA_N]A
?LoadConfigOld@@YGGFIPAIJ]A
?Data@@YGJPAJG]A
?FreeOptionW@@YGPAGPAE]A
?IsNotListItemExA@@YGJME]A
?CrtClassOld@@YGHGJ]A

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 490B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43df23d0782424c52e51e46ea190cdb8

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 490B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 736B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 490B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 736B