289844b24cf648a1752f0f0f5b28c223_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

289844b24cf648a1752f0f0f5b28c223_JaffaCakes118
Size

331KB
MD5

289844b24cf648a1752f0f0f5b28c223
SHA1

3bcff57e7b5f22c1e969c45e2aa751f746d7c5d9
SHA256

e362709c8905d22ae1c8603c5c2c1fb8492a8e096aa4f49b80077ed8ac31c197
SHA512

817b31d7ae82a87c6a4c64d578b4277b59b2d443fac88f7629846131be266a27ee8d6c5bffeb0e27b0ea702666141501d32b2a37d6e162ae4d1b8958f211976e
SSDEEP

6144:v5zrwbmXKpAAKIEhDAep/gEubrw4pmDh9jNfQJR/1l+7UuWNKH/jzIRkQ0dWihh2:prwbrf9EXpYrVpmt9jy1l+7xWsH/jzI3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
289844b24cf648a1752f0f0f5b28c223_JaffaCakes118

Files

289844b24cf648a1752f0f0f5b28c223_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9c6aea73919ec8710d97763856c138dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ktlDfHT\itvpqfzzxjOaw\gwgzlbKxQDf.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoSetDeviceInterfaceState
KeInitializeTimerEx
RtlDeleteNoSplay
MmMapLockedPages
RtlSetBits
ExDeletePagedLookasideList
IoQueryFileDosDeviceName
MmAllocateMappingAddress
KeRemoveDeviceQueue
RtlGetNextRange
IoCreateStreamFileObject
FsRtlCheckLockForWriteAccess
IoCheckQuotaBufferValidity
IoBuildSynchronousFsdRequest
IoGetDeviceProperty
KeInitializeEvent
RtlUnicodeStringToAnsiString
ExGetPreviousMode
ZwCreateEvent
KeQueryTimeIncrement
PoSetSystemState
ZwPowerInformation
IoGetBootDiskInformation
FsRtlIsFatDbcsLegal
IoGetDeviceObjectPointer
PoRequestPowerIrp
ExSetResourceOwnerPointer
IoGetDmaAdapter
IoInitializeRemoveLockEx
RtlFindClearBits
RtlCopySid
MmAdvanceMdl
CcCopyRead
IoGetDriverObjectExtension
SeFilterToken
IoInitializeIrp
ExDeleteResourceLite
RtlInitializeUnicodePrefix
IoRemoveShareAccess
ExReleaseResourceLite
ZwQueryObject
IoSetTopLevelIrp
IoGetLowerDeviceObject
RtlVerifyVersionInfo
CcMdlRead
RtlDowncaseUnicodeString
RtlLengthRequiredSid
RtlQueryRegistryValues
IoAllocateMdl
IoAcquireRemoveLockEx
KeSetBasePriorityThread
KeRundownQueue
KefAcquireSpinLockAtDpcLevel
KeInsertByKeyDeviceQueue
RtlDelete
ExRaiseStatus
IoRegisterDeviceInterface
ZwReadFile
IoDeleteDevice
FsRtlGetNextFileLock
KeRestoreFloatingPointState
ZwSetVolumeInformationFile
IoWriteErrorLogEntry
ProbeForRead
PsGetCurrentProcess
KeRemoveQueue
KeDelayExecutionThread
RtlCopyLuid
IoFreeController
IoDisconnectInterrupt
RtlClearBits
ZwOpenKey
ObfDereferenceObject
SeOpenObjectAuditAlarm
CcMapData
PsGetProcessExitTime
KeGetCurrentThread
IoStartNextPacket
IoGetRequestorProcessId
IoDeviceObjectType
ExUuidCreate
CcSetFileSizes
CcMdlWriteComplete
MmGetPhysicalAddress
IoCreateNotificationEvent
IoInvalidateDeviceState
IoGetDeviceAttachmentBaseRef
CcUnpinData
PoRegisterSystemState
ObQueryNameString
ProbeForWrite
PoStartNextPowerIrp
KeSetSystemAffinityThread
RtlUpcaseUnicodeChar
SeUnlockSubjectContext
RtlTimeToSecondsSince1980
ObOpenObjectByPointer
IoUnregisterFileSystem
MmGetSystemRoutineAddress
KeRevertToUserAffinityThread
RtlSetDaclSecurityDescriptor
KeReleaseSemaphore
ZwUnloadDriver
RtlNumberOfClearBits
SeAssignSecurity
SeCreateClientSecurity
RtlInitString
FsRtlNotifyUninitializeSync
MmLockPagableSectionByHandle
CcMdlReadComplete
FsRtlNotifyInitializeSync
MmSizeOfMdl
RtlSetAllBits
IoGetTopLevelIrp
PsGetCurrentThread
KeSetTimer
RtlDeleteElementGenericTable
ExAllocatePool
IoDetachDevice
SeReleaseSubjectContext
SeTokenIsAdmin
RtlAreBitsSet
MmFreeContiguousMemory
RtlTimeToSecondsSince1970
RtlInitAnsiString
SeAccessCheck
PsImpersonateClient
ZwDeleteValueKey
KeInitializeSpinLock
PsCreateSystemThread
KeUnstackDetachProcess
FsRtlIsNameInExpression
PsGetCurrentProcessId
ZwClose
CcUninitializeCacheMap
IoInitializeTimer
FsRtlIsTotalDeviceFailure
SeAppendPrivileges
SePrivilegeCheck
ZwCreateSection
CcPinRead
ObCreateObject
IofCompleteRequest
FsRtlSplitLargeMcb
IoSetHardErrorOrVerifyDevice
RtlUpcaseUnicodeToOemN
ExFreePoolWithTag
ObfReferenceObject
ObReleaseObjectSecurity
IoEnumerateDeviceObjectList
ZwCreateKey
MmUnlockPagableImageSection
CcPurgeCacheSection
RtlInitUnicodeString
IoStopTimer
RtlUnicodeStringToInteger
RtlCopyString
RtlVolumeDeviceToDosName
CcPinMappedData
MmIsAddressValid
FsRtlMdlWriteCompleteDev
IoWMIWriteEvent
RtlFindClearRuns
RtlCopyUnicodeString
PoSetPowerState
ZwQuerySymbolicLinkObject
IoAllocateWorkItem
MmForceSectionClosed
RtlFindLeastSignificantBit
ExVerifySuite
IoAllocateAdapterChannel
WmiQueryTraceInformation
ZwDeviceIoControlFile
RtlFindMostSignificantBit
ExGetSharedWaiterCount
FsRtlFreeFileLock
KeWaitForMultipleObjects
IoSetSystemPartition
MmMapLockedPagesSpecifyCache
IoReleaseVpbSpinLock
IoGetCurrentProcess
IoIsOperationSynchronous
CcFastCopyWrite
KeInsertDeviceQueue
KeSaveFloatingPointState
ObMakeTemporaryObject
MmIsDriverVerifying
MmHighestUserAddress
MmResetDriverPaging
IoAllocateController
ExRegisterCallback
CcPreparePinWrite
RtlClearAllBits
SeQueryInformationToken
IoGetStackLimits
RtlOemStringToUnicodeString
RtlPrefixUnicodeString
SeValidSecurityDescriptor
ZwNotifyChangeKey
RtlInt64ToUnicodeString
IoVerifyPartitionTable
PsLookupThreadByThreadId
FsRtlIsDbcsInExpression
CcFastCopyRead
IoConnectInterrupt
ExFreePool
IoMakeAssociatedIrp
RtlValidSid
RtlExtendedIntegerMultiply
KeRegisterBugCheckCallback
RtlLengthSecurityDescriptor
RtlCheckRegistryKey
KeReadStateSemaphore
IoWritePartitionTableEx
KeInitializeApc
ZwOpenProcess
KeQueryActiveProcessors
RtlMultiByteToUnicodeN
IofCallDriver
ObReferenceObjectByPointer
MmUnmapLockedPages
ExCreateCallback
IoReadPartitionTable
IoSetStartIoAttributes
IoDeleteController
SeLockSubjectContext
RtlValidSecurityDescriptor
IoCreateSynchronizationEvent
MmAllocateNonCachedMemory
CcCanIWrite
ObInsertObject
RtlSplay
RtlFindSetBits
IoReportResourceForDetection
ExAllocatePoolWithQuota
RtlFindUnicodePrefix
ExRaiseAccessViolation
SeQueryAuthenticationIdToken
RtlSecondsSince1980ToTime
IoCreateFile
RtlUpperChar
RtlEqualString
IoBuildPartialMdl
IoSetThreadHardErrorMode
ZwFreeVirtualMemory
MmFreeMappingAddress
ZwMakeTemporaryObject
MmUnsecureVirtualMemory
ExGetExclusiveWaiterCount
RtlRemoveUnicodePrefix
KdEnableDebugger
CcDeferWrite
IoVerifyVolume
MmMapUserAddressesToPage

Exports

Exports

?GlobalMessageOriginal@@IJNEE@X
?CallPathOriginal@@IJMD@X
?IncrementData@@IJPAMJD@X
?InstallPointerExW@@IJHEPAEF_N@X

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vars1
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars2
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars3
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vptr1
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr2
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr3
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c6aea73919ec8710d97763856c138dc

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.vars1 Size: 512B - Virtual size: 32B

.vars2 Size: 512B - Virtual size: 32B

.vars3 Size: 512B - Virtual size: 32B

.vars4 Size: 512B - Virtual size: 32B

.vptr1 Size: 512B - Virtual size: 32B

.vptr2 Size: 512B - Virtual size: 32B

.vptr3 Size: 512B - Virtual size: 32B

.vptr4 Size: 512B - Virtual size: 32B

.data Size: 20KB - Virtual size: 50KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 1024B - Virtual size: 588B

.text
Size: 13KB - Virtual size: 12KB

.vars1
Size: 512B - Virtual size: 32B

.vars2
Size: 512B - Virtual size: 32B

.vars3
Size: 512B - Virtual size: 32B

.vars4
Size: 512B - Virtual size: 32B

.vptr1
Size: 512B - Virtual size: 32B

.vptr2
Size: 512B - Virtual size: 32B

.vptr3
Size: 512B - Virtual size: 32B

.vptr4
Size: 512B - Virtual size: 32B

.data
Size: 20KB - Virtual size: 50KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 1024B - Virtual size: 588B